Update exception itemedit
Updates an existing exception item.
The Kibana Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Console.
Request URLedit
PUT <kibana host>:<port>/api/exception_lists/items
Request bodyedit
Name | Type | Description | Required |
---|---|---|---|
|
comments[] |
Array of
|
No, defaults to empty array. |
|
String |
Describes the exception item. |
Yes |
|
Array containing the
exception queries. Boolean |
Yes. |
|
|
String |
The item’s unique identifier. |
Yes, when the item’s |
|
String |
The |
Yes, when
the item’s |
|
Object |
Placeholder for metadata about the exception item. |
No |
|
String |
The exception item’s name. |
Yes. |
|
String |
Determines whether the exception item is available in all Kibana spaces or just the space in which it is created, where:
|
No, defaults to |
|
String[] |
String array containing words and phrases to help categorize exception items. |
No |
|
String |
Exception query type, must be |
Yes |
Example requestedit
Updates the entries
object:
PUT api/exception_lists/items { "description": "Process allowlist", "entries": [ { "field": "process.name", "operator": "included", "type": "match", "value": "maintenance" }, { "field": "host.name", "operator": "included", "type": "match_any", "value": [ "liv-win-anf", "livw-win-mel", "linux-anfield", "new-host" ] } ], "item_id": "allow-process-on-machines", "name": "Host-process exclusions", "namespace_type": "single", "tags": [ "hosts", "processes" ], "type": "simple" }
Response codeedit
-
200
- Indicates a successful call.
Response payloadedit
The updated object, including the time it was updated.
Example response:
{ "_tags": [], "comments": [], "created_at": "2020-07-15T06:28:32.457Z", "created_by": "LiverpoolFC", "description": "Process allowlist", "entries": [ { "field": "process.name", "operator": "included", "type": "match", "value": "maintenance" }, { "field": "host.name", "operator": "included", "type": "match_any", "value": [ "liv-win-anf", "livw-win-mel", "linux-anfield", "new-host" ] } ], "id": "67a70610-c664-11ea-bab5-9d6ae015701b", "item_id": "allow-process-on-machines", "list_id": "allowed-processes", "name": "Host-process exclusions", "namespace_type": "single", "tags": [ "hosts", "processes" ], "tie_breaker_id": "15d7f2eb-7192-4f4b-a803-ad8a4f5efd08", "type": "simple", "updated_at": "2020-07-15T06:28:50.494Z", "updated_by": "LiverpoolFC" }