Create or update a stream Technical Preview

PUT /api/streams/{name}
Api key auth

Spaces method and path for this operation:

put /s/{space_id}/api/streams/{name}

Refer to Spaces for more information.

Creates or updates a stream definition. Classic streams can not be created through this API, only updated

[Required authorization] Route required privileges: manage_stream.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Path parameters

  • name string Required
application/json

Body object

Any of:
Kibana_HTTP_APIs_WiredStreamUpsertRequest object Kibana_HTTP_APIs_ClassicStreamUpsertRequest object Kibana_HTTP_APIs_QueryStreamUpsertRequest object
PUT /api/streams/{name} 
curl \
 --request PUT 'https://<KIBANA_URL>/api/streams/{name}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --header "kbn-xsrf: true" \
 --data '{"rules":[],"stream":{"type":"query","query":{"esql":"FROM logs* | WHERE log.level == \"error\"","view":"logs.errors-view"},"description":"All error-level logs across every stream"},"queries":[],"dashboards":[]}'
Request examples 
{
  "rules": [],
  "stream": {
    "type": "query",
    "query": {
      "esql": "FROM logs* | WHERE log.level == \"error\"",
      "view": "logs.errors-view"
    },
    "description": "All error-level logs across every stream"
  },
  "queries": [],
  "dashboards": []
}
{
  "rules": [],
  "stream": {
    "type": "wired",
    "ingest": {
      "wired": {
        "fields": {
          "message": {
            "type": "match_only_text"
          },
          "host.name": {
            "type": "keyword"
          },
          "http.response.status_code": {
            "type": "long"
          }
        },
        "routing": [
          {
            "where": {
              "gte": 500,
              "field": "http.response.status_code"
            },
            "status": "enabled",
            "destination": "logs.nginx.errors"
          }
        ]
      },
      "settings": {},
      "lifecycle": {
        "inherit": {}
      },
      "processing": {
        "steps": []
      },
      "failure_store": {
        "inherit": {}
      }
    },
    "description": "Web server access logs, routed by severity"
  },
  "queries": [],
  "dashboards": []
}
{
  "rules": [],
  "stream": {
    "type": "classic",
    "ingest": {
      "classic": {},
      "settings": {},
      "lifecycle": {
        "dsl": {
          "data_retention": "30d"
        }
      },
      "processing": {
        "steps": [
          {
            "from": "message",
            "action": "grok",
            "patterns": [
              "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log.level} %{GREEDYDATA:message}"
            ],
            "ignore_missing": true
          }
        ]
      },
      "failure_store": {
        "disabled": {}
      }
    },
    "description": "Legacy application logs managed as a classic data stream"
  },
  "queries": [],
  "dashboards": []
}