Upsert a query to a stream

Technical Preview; added in 9.1.0

PUT /api/streams/{name}/queries/{queryId}

Spaces method and path for this operation:

PUT /s/{space_id}/api/streams/{name}/queries/{queryId}

Refer to Spaces for more information.

Adds a query to a stream. This is a no-op if the query is already present on the stream.

[Required authorization] Route required privileges: manage_stream.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Path parameters

  • name string Required

    The name of the stream.

  • queryId string Required

    The identifier of the query.

application/json

Body

  • description string

    Default value is empty.

  • esql object Required

    Additional properties are NOT allowed.

    • query string Required
  • evidence array[string]
  • severity_score number
  • title string Required

    A non-empty string.

    Minimum length is 1.

Responses

  • 200

    The query was added or updated successfully.

PUT /api/streams/{name}/queries/{queryId}
curl \
 --request PUT 'https://localhost:5601/api/streams/{name}/queries/{queryId}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --header "kbn-xsrf: true" \
 --data '{"description":"Count error-level log events grouped by host name","esql":{"query":"FROM logs* | WHERE log.level == \"error\" | STATS count = COUNT(*) BY host.name"},"title":"Error count by host"}'
Request example
{
  "description": "Count error-level log events grouped by host name",
  "esql": {
    "query": "FROM logs* | WHERE log.level == \"error\" | STATS count = COUNT(*) BY host.name"
  },
  "title": "Error count by host"
}
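
The following is an added example, not part of the original API reference or Elastic's code: a Python helper that checks a body against the schema listed above and percent-encodes the path parameters before building the PUT request. The function name, the sample values and passing the `Authorization` value verbatim (as the curl example does with `$API_KEY`) are assumptions.

```python
import json
from urllib.parse import quote
from urllib.request import Request


def build_upsert_query_request(base_url, auth_header, name, query_id, body, space_id=None):
    """Return an unsent Request for PUT /api/streams/{name}/queries/{queryId}.

    The body checks mirror the schema listed on this page."""
    title = body.get("title")
    if not isinstance(title, str) or len(title) < 1:
        raise ValueError("title is required and must be a non-empty string")
    esql = body.get("esql")
    if not isinstance(esql, dict) or not isinstance(esql.get("query"), str):
        raise ValueError("esql.query is required and must be a string")
    if set(esql) != {"query"}:
        raise ValueError("esql allows no additional properties")
    if not isinstance(body.get("description", ""), str):
        raise ValueError("description must be a string")
    evidence = body.get("evidence", [])
    if not isinstance(evidence, list) or not all(isinstance(e, str) for e in evidence):
        raise ValueError("evidence must be an array of strings")
    score = body.get("severity_score", 0)
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ValueError("severity_score must be a number")

    # Percent-encode every path parameter (including "/") so a stream name or
    # query id taken from user input cannot add path segments to the URL.
    segments = [name, query_id] + ([space_id] if space_id is not None else [])
    if any(not isinstance(s, str) or s in ("", ".", "..") for s in segments):
        raise ValueError("path parameters must be non-empty and not '.' or '..'")
    prefix = f"/s/{quote(space_id, safe='')}" if space_id is not None else ""
    path = f"{prefix}/api/streams/{quote(name, safe='')}/queries/{quote(query_id, safe='')}"

    return Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={
            "Authorization": auth_header,  # assumption: full header value, like $API_KEY above
            "Content-Type": "application/json",
            "kbn-xsrf": "true",  # required header per this page
        },
    )


# Constructed sample input, reusing the request example from this page.
SAMPLE_BODY = {"title": "Error count by host",
               "description": "Count error-level log events grouped by host name",
               "esql": {"query": 'FROM logs* | WHERE log.level == "error" | STATS count = COUNT(*) BY host.name'}}
```

Pass the returned object to `urllib.request.urlopen` to send it; a `ValueError` is raised locally before any network call when the body or path parameters do not match the documented shape.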