Update rule API

edit

Update the attributes for an existing rule.

Request

edit

PUT <kibana host>:<port>/api/alerting/rule/<id>

PUT <kibana host>:<port>/s/<space_id>/api/alerting/rule/<id>

Path parameters

edit
id
(Required, string) The ID of the rule that you want to update.
space_id
(Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Request body

edit
name
(Required, string) A name to reference and search.
tags
(Optional, string array) A list of keywords to reference and search.
schedule

(Required, object) When to run this rule. Use one of the available schedule formats.

Schedule Formats.

A schedule uses a key: value format. Kibana currently supports the Interval format , which specifies the interval in seconds, minutes, hours, or days at which to execute the rule.

Example: { interval: "10s" }, { interval: "5m" }, { interval: "1h" }, { interval: "1d" }.

throttle
(Optional, string) How often this rule should fire the same actions. This will prevent the rule from sending out the same notification over and over. For example, if a rule with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
notify_when
(Required, string) The condition for throttling the notification: onActionGroupChange, onActiveAlert, or onThrottleInterval.
params
(Required, object) The parameters to pass to the rule type executor params value. This will also validate against the rule type params validator, if defined.
actions

(Optional, object array) An array of the following action objects.

Properties of the action objects:
group
(Required, string) Grouping actions is recommended for escalations for different types of alerts. If you don’t need this, set the value to default.
id
(Required, string) The ID of the action that saved object executes.
params
(Required, object) The map to the params that the connector type will receive. params are handled as Mustache templates and passed a default set of context.

Response code

edit
200
Indicates a successful call.

Example

edit

Update a rule with ID ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 with a different name:

$ curl -X PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74

{
  "notify_when": "onActionGroupChange",
  "params": {
    "aggType": "avg",
  },
  "schedule": {
    "interval": "1m"
  },
  "actions": [],
  "tags": [],
  "name": "new name",
  "throttle": null,
}

The API returns the following:

{
  "id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
  "notify_when": "onActionGroupChange",
  "params": {
    "aggType": "avg",
  },
  "consumer": "alerts",
  "rule_type_id": "test.rule.type",
  "schedule": {
    "interval": "1m"
  },
  "actions": [],
  "tags": [],
  "name": "new name",
  "enabled": true,
  "throttle": null,
  "api_key_owner": "elastic",
  "created_by": "elastic",
  "updated_by": "elastic",
  "mute_all": false,
  "muted_alert_ids": [],
  "updated_at": "2021-02-10T05:37:19.086Z",
  "created_at": "2021-02-10T05:37:19.086Z",
  "scheduled_task_id": "0b092d90-6b62-11eb-9e0d-85d233e3ee35",
  "execution_status": {
    "last_execution_date": "2021-02-10T17:55:14.262Z",
    "status": "ok"
  }
}