Spaces method and path for this operation:
get /s/{space_id}/api/streams/{name}/significant_events
Refer to Spaces for more information.
Read the significant events
[Required authorization] Route required privileges: read_stream.
Query parameters
-
The bucket size for aggregating events (e.g. "1m", "1h").
-
Query string to filter significant events on metadata fields
-
Search mode: keyword (BM25), semantic (vector), or hybrid (RRF). When omitted, defaults to hybrid with a silent keyword fallback on failure. When set explicitly, failures propagate as errors.
Values are keyword, semantic, or hybrid.
GET
/api/streams/{name}/significant_events
curl \
  --request GET 'https://<KIBANA_URL>/api/streams/{name}/significant_events?from=string&to=string&bucketSize=string' \
  --header "Authorization: $API_KEY" \
  --header "Content-Type: application/json"
Response examples (200)
{
  "aggregated_occurrences": [
    {
      "count": 42,
      "date": "2025-01-15T10:00:00.000Z"
    },
    {
      "count": 18,
      "date": "2025-01-15T11:00:00.000Z"
    },
    {
      "count": 7,
      "date": "2025-01-15T12:00:00.000Z"
    }
  ],
  "significant_events": [
    {
      "change_points": {
        "type": {
          "spike": {
            "change_point": 1,
            "p_value": 0.002
          }
        }
      },
      "description": "Count error-level log events grouped by host name",
      "esql": {
        "query": "FROM logs.nginx | WHERE log.level == \"error\" | STATS count = COUNT(*) BY host.name"
      },
      "id": "error-count-by-host",
      "occurrences": [
        {
          "count": 42,
          "date": "2025-01-15T10:00:00.000Z"
        },
        {
          "count": 18,
          "date": "2025-01-15T11:00:00.000Z"
        },
        {
          "count": 7,
          "date": "2025-01-15T12:00:00.000Z"
        }
      ],
      "rule_backed": false,
      "severity_score": 75,
      "stream_name": "logs.nginx",
      "title": "Error count by host",
      "type": "match"
    }
  ]
}
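Added example (not part of the API reference): a triage pass over a response of the shape shown above, keeping events whose severity_score and change-point p_value cross thresholds. The function name triage, both threshold defaults, and the second sample event are assumptions made for this example.

```python
import json

# First event is taken from the response example above; the second is
# constructed for this example to show an event that gets filtered out.
SAMPLE = json.loads("""
{"significant_events": [
  {"id": "error-count-by-host", "stream_name": "logs.nginx", "severity_score": 75,
   "change_points": {"type": {"spike": {"change_point": 1, "p_value": 0.002}}},
   "occurrences": [{"count": 42, "date": "2025-01-15T10:00:00.000Z"},
                   {"count": 18, "date": "2025-01-15T11:00:00.000Z"},
                   {"count": 7, "date": "2025-01-15T12:00:00.000Z"}]},
  {"id": "constructed-low-signal", "stream_name": "logs.nginx", "severity_score": 20,
   "change_points": {"type": {"dip": {"change_point": 0, "p_value": 0.4}}},
   "occurrences": [{"count": 3, "date": "2025-01-15T10:00:00.000Z"}]}
]}
""")


def triage(body, min_severity=70, max_p_value=0.01):
    # Thresholds are assumptions chosen for this example, not API defaults.
    findings = []
    for event in body.get("significant_events", []):
        score = event.get("severity_score")
        if score is None or score < min_severity:
            continue
        # change_points.type maps a change type name to its statistics.
        types = (event.get("change_points") or {}).get("type") or {}
        changes = {name: stats["p_value"] for name, stats in types.items()
                   if stats.get("p_value") is not None
                   and stats["p_value"] <= max_p_value}
        if not changes:
            continue
        occurrences = event.get("occurrences") or []
        findings.append({
            "id": event.get("id"),
            "stream": event.get("stream_name"),
            "severity": score,
            "changes": changes,
            "total": sum(o["count"] for o in occurrences),
            "peak": max(occurrences, key=lambda o: o["count"], default=None),
        })
    return sorted(findings, key=lambda f: f["severity"], reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```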