IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Create alert API Get alert API »
Elastic Docs Kibana Guide [7.12] REST API Alerts APIs

Update alert API

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Update alert API

edit

Update the attributes for an existing alert.

Request

edit

PUT <kibana host>:<port>/api/alerts/alert/<id>

PUT <kibana host>:<port>/s/<space_id>/api/alerts/alert/<id>

Path parameters

edit
id
(Required, string) The ID of the alert that you want to update.
space_id
(Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Request body

edit
name
(Required, string) A name to reference and search.
tags
(Optional, string array) A list of keywords to reference and search.
schedule

(Required, object) When to run this alert. Use one of the available schedule formats.

Schedule Formats.

A schedule uses a key: value format. Kibana currently supports the Interval format , which specifies the interval in seconds, minutes, hours, or days at which to execute the alert.

Example: { interval: "10s" }, { interval: "5m" }, { interval: "1h" }, { interval: "1d" }.

throttle
(Optional, string) How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
notifyWhen
(Required, string) The condition for throttling the notification: onActionGroupChange, onActiveAlert, or onThrottleInterval.
params
(Required, object) The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
actions

(Optional, object array) An array of the following action objects.

Properties of the action objects:
group
(Required, string) Grouping actions is recommended for escalations for different types of alert instances. If you don’t need this, set the value to default.
id
(Required, string) The ID of the action that saved object executes.
actionTypeId
(Required, string) The id of the action type.
params
(Required, object) The map to the params that the action type will receive. params are handled as Mustache templates and passed a default set of context.

Response code

edit
200
Indicates a successful call.

Example

edit

Update an alert with ID ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 with a different name:

$ curl -X PUT api/alerts/alert/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74

{
  "notifyWhen": "onActionGroupChange",
  "params": {
    "aggType": "avg",
  },
  "schedule": {
    "interval": "1m"
  },
  "actions": [],
  "tags": [],
  "name": "new name",
  "throttle": null,
}

The API returns the following:

{
  "id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
  "notifyWhen": "onActionGroupChange",
  "params": {
    "aggType": "avg",
  },
  "consumer": "alerts",
  "alertTypeId": "test.alert.type",
  "schedule": {
    "interval": "1m"
  },
  "actions": [],
  "tags": [],
  "name": "new name",
  "enabled": true,
  "throttle": null,
  "apiKeyOwner": "elastic",
  "createdBy": "elastic",
  "updatedBy": "elastic",
  "muteAll": false,
  "mutedInstanceIds": [],
  "updatedAt": "2021-02-10T05:37:19.086Z",
  "createdAt": "2021-02-10T05:37:19.086Z",
  "scheduledTaskId": "0b092d90-6b62-11eb-9e0d-85d233e3ee35",
  "executionStatus": {
    "lastExecutionDate": "2021-02-10T17:55:14.262Z",
    "status": "ok"
  }
}
« Create alert API Get alert API »