Get rule types API

edit

Retrieve a list of rule types that the user is authorized to access.

Request

edit

GET <kibana host>:<port>/api/alerting/rule_types

GET <kibana host>:<port>/s/<space_id>/api/alerting/rule_types

Prerequisites

edit

If you have read privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. To get rule types associated with the Stack Monitoring feature, use the monitoring_user built-in role.

For more details, refer to Feature privileges.

Description

edit

Each rule type includes a list of authorized consumer features. For each feature, users are authorized to perform either read or all operations on rules of that type. This enables you to determine which rule types you can read, create, or modify. If you want to create or edit a rule in Kibana, some rule types are limited to specific features and apps.

Path parameters

edit
space_id
(Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Response body

edit

Each rule type has the following properties in the API response:

action_groups
(array of objects) An explicit list of groups for which the rule type can schedule actions, each with the action group’s unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid.
action_variables
(object) A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.
authorized_consumers
(object) The list of the plugins IDs that have access to the rule type.
default_action_group_id
(string) The default ID for the rule type group.
does_set_recovery_context
(boolean) Indicates whether the rule passes context variables to its recovery action.
enabled_in_license
(boolean) Indicates whether the rule type is enabled or disabled based on the subscription.
id
(string) The unique identifier for the rule type.
is_exportable
(boolean) Indicates whether the rule type is exportable in Stack Management > Saved Objects.
minimum_license_required
(string) The subscriptions required to use the rule type.
name
(string) The descriptive name of the rule type.
producer
(string) An identifier for the application that produces this rule type.
recovery_action_group
(object) An action group to use when an alert goes from an active state to an inactive one.

Response codes

edit
200
Indicates a successful call.

Examples

edit
GET api/alerting/rule_types

For example, if you have read privileges for the Observability Logs app, the API returns the following:

[
   {
      "id":"logs.alert.document.count",
      "name":"Log threshold",
      "producer":"logs",
      "enabled_in_license":true,
      "recovery_action_group":{
         "id":"recovered",
         "name":"Recovered"
      },
      "action_groups":[
         {
            "id":"logs.threshold.fired",
            "name":"Fired"
         },
         {
            "id":"recovered",
            "name":"Recovered"
         }
      ],
      "default_action_group_id":"logs.threshold.fired",
      "minimum_license_required":"basic",
      "is_exportable":true,
      "rule_task_timeout":"5m",
      "action_variables":{
         "context":[
            {
               "name":"timestamp",
               "description":"UTC timestamp of when the alert was triggered"
            },
            {
               "name":"matchingDocuments",
               "description":"The number of log entries that matched the conditions provided"
            },
            {
               "name":"conditions",
               "description":"The conditions that log entries needed to fulfill"
            },
            ...
         ],
         "state":[],
         "params":[]
      },
      "authorized_consumers":{
         "logs":{"read":true,"all":false},
         "alerts":{"read":true,"all":false}
      },
      "does_set_recovery_context":true
   }
]