Get a paginated set of alerts | Kibana API documentation (v8)

Get a paginated set of alerts Deprecated

GET /api/alerts/alerts/_find

Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert params are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.

Query parameters

default_search_operator string

The default operator to use for the simple_query_string.

Default value is OR.
fields array[string]

The fields to return in the attributes key of the response.
filter string

A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22.
has_reference object

Filters the rules that have a relation with the reference objects with a specific type and identifier.

Additional properties are allowed.
Hide has_reference attributes Show has_reference attributes object
- id string
- type string
page integer

The page number to return.

Default value is 1.
per_page integer

The number of alerts to return per page.

Default value is 20.
search string

An Elasticsearch simple_query_string query that filters the alerts in the response.
search_fields string | array[string]

The fields to perform the simple_query_string parsed query against.
sort_field string

Determines which field is used to sort the results. The field must exist in the attributes key of the response.
sort_order string

Determines the sort order.

Values are asc or desc. Default value is desc.

Responses

200 application/json; Elastic-Api-Version=2023-10-31

Indicates a successful call.
Hide response attributes Show response attributes object
- data array[object]
  
  Hide data attributes Show data attributes object
  
  actions array[object]
  
  Additional properties are allowed.
  
  alertTypeId string
  
  apiKeyOwner string | null
  
  createdAt string(date-time)
  
  The date and time that the alert was created.
  
  createdBy string
  
  The identifier for the user that created the alert.
  
  enabled boolean
  
  Indicates whether the alert is currently enabled.
  
  executionStatus object
  
  Additional properties are allowed.
  
  Hide executionStatus attributes Show executionStatus attributes object
  
  lastExecutionDate string(date-time)
  
  status string
  
  id string
  
  The identifier for the alert.
  
  muteAll boolean
  
  mutedInstanceIds array[string] | null
  
  name string
  
  The name of the alert.
  
  notifyWhen string
  
  params object
  
  Additional properties are allowed.
  
  schedule object
  
  Additional properties are allowed.
  
  Hide schedule attribute Show schedule attribute object
  
  interval string
  
  scheduledTaskId string
  
  tags array[string]
  
  throttle string | null
  
  updatedAt string
  
  updatedBy string | null
  
  The identifier for the user that updated this alert most recently.
- page integer
- perPage integer
- total integer
401 application/json; Elastic-Api-Version=2023-10-31

Authorization information is missing or invalid.
Hide response attributes Show response attributes object
- error string
  
  Value is Unauthorized.
- message string
- statusCode integer
  
  Value is 401.

GET /api/alerts/alerts/_find

curl \
 --request GET https://localhost:5601/api/alerts/alerts/_find \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "data": [
    {
      "actions": [
        {}
      ],
      "alertTypeId": ".index-threshold",
      "apiKeyOwner": "elastic",
      "createdAt": "2022-12-05T23:36:58.284Z",
      "createdBy": "elastic",
      "enabled": true,
      "executionStatus": {
        "lastExecutionDate": "2022-12-06T00:13:43.890Z",
        "status": "ok"
      },
      "id": "b530fed0-74f5-11ed-9801-35303b735aef",
      "muteAll": false,
      "mutedInstanceIds": [
        "string"
      ],
      "name": "my alert",
      "notifyWhen": "onActionGroupChange",
      "params": {},
      "schedule": {
        "interval": "string"
      },
      "scheduledTaskId": "b530fed0-74f5-11ed-9801-35303b735aef",
      "tags": [
        "string"
      ],
      "throttle": "string",
      "updatedAt": "2022-12-05T23:36:58.284Z",
      "updatedBy": "elastic"
    }
  ],
  "page": 42,
  "perPage": 42,
  "total": 42
}

Response examples (401)

{
  "error": "Unauthorized",
  "message": "string",
  "statusCode": 401
}