IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Get alerting framework health API Get rule types API »
Elastic Docs Kibana Guide [8.7] REST API Alerting APIs

Get rule API

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Get rule API

edit

Retrieve a rule by ID.

For the most up-to-date API details, refer to the open API specification.

Request

edit

GET <kibana host>:<port>/api/alerting/rule/<id>

GET <kibana host>:<port>/s/<space_id>/api/alerting/rule/<id>

Prerequisites

edit

You must have read privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rules you’re seeking. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. To get rules associated with the Stack Monitoring feature, use the monitoring_user built-in role.

For more details, refer to Feature privileges.

Path parameters

edit
id
(Required, string) The identifier of the rule to retrieve.
space_id
(Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Response codes

edit
200
Indicates a successful call.

Examples

edit

Retrieve the rule object with the ID 41893910-6bca-11eb-9e0d-85d233e3ee35:

GET api/alerting/rule/41893910-6bca-11eb-9e0d-85d233e3ee35

The API returns the following:

{
  "id":"31697a40-7b36-11ed-aa79-f742c05329b2",
  "consumer":"alerts",
  "tags":["cpu"],
  "name":"my alert",
  "enabled":true,
  "throttle":null,
  "schedule":{
    "interval":"1m"
  },
  "params":{
    "aggType":"avg",
    "termSize":6,
    "thresholdComparator":">",
    "timeWindowSize":5,
    "timeWindowUnit":"m",
    "groupBy":"top",
    "threshold":[1000],
    "index":["test-index"],
    "timeField":"@timestamp",
    "aggField":"sheet.version",
    "termField":"name.keyword"
    },
  "rule_type_id":".index-threshold",
  "created_by":"elastic",
  "updated_by":"elastic",
  "created_at":"2022-12-13T22:33:41.163Z",
  "updated_at":"2022-12-13T22:33:41.163Z",
  "api_key_owner":"elastic",
  "notify_when":"onActionGroupChange",
  "muted_alert_ids":[],
  "mute_all":false,
  "scheduled_task_id":"31697a40-7b36-11ed-aa79-f742c05329b2",
  "execution_status":{
    "status":"ok",
    "last_execution_date":"2022-12-13T22:33:44.388Z",
    "last_duration":83
  },
  "actions":[{
    "group":"threshold met",
    "id":"1007a0c0-7a6e-11ed-89d5-abec321c0def",
    "params":{
      "level":"info",
      "message":"alert {{alertName}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
    },
    "connector_type_id":".server-log"
  }],
  "last_run":{
    "alerts_count":{
      "new":0,
      "ignored":0,
      "recovered":0,
      "active":0
    },
    "outcome_msg":null,
    "warning":null,
    "outcome":"succeeded"
  },
  "next_run":"2022-12-13T22:34:44.314Z"
}
« Get alerting framework health API Get rule types API »