Update alert API | Kibana Guide [7.12]

» » »

« Create alert API Get alert API »

Update alert APIedit

Update the attributes for an existing alert.

Requestedit

PUT <kibana host>:<port>/api/alerts/alert/<id>

PUT <kibana host>:<port>/s/<space_id>/api/alerts/alert/<id>

Path parametersedit

id: (Required, string) The ID of the alert that you want to update.
space_id: (Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Request bodyedit

name

(Required, string) A name to reference and search.

tags

(Optional, string array) A list of keywords to reference and search.

schedule

(Required, object) When to run this alert. Use one of the available schedule formats.

Schedule Formats.

A schedule uses a key: value format. Kibana currently supports the Interval format , which specifies the interval in seconds, minutes, hours, or days at which to execute the alert.

Example: { interval: "10s" }, { interval: "5m" }, { interval: "1h" }, { interval: "1d" }.

throttle

(Optional, string) How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.

notifyWhen

(Required, string) The condition for throttling the notification: onActionGroupChange, onActiveAlert, or onThrottleInterval.

params

(Required, object) The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.

actions

(Optional, object array) An array of the following action objects.

Properties of the action objects:

group: (Required, string) Grouping actions is recommended for escalations for different types of alert instances. If you don’t need this, set the value to default.
id: (Required, string) The ID of the action that saved object executes.
actionTypeId: (Required, string) The id of the action type.
params: (Required, object) The map to the params that the action type will receive. params are handled as Mustache templates and passed a default set of context.

Response codeedit

200: Indicates a successful call.

Exampleedit

Update an alert with ID ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 with a different name:

$ curl -X PUT api/alerts/alert/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74

{
  "notifyWhen": "onActionGroupChange",
  "params": {
    "aggType": "avg",
  },
  "schedule": {
    "interval": "1m"
  },
  "actions": [],
  "tags": [],
  "name": "new name",
  "throttle": null,
}

The API returns the following:

{
  "id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
  "notifyWhen": "onActionGroupChange",
  "params": {
    "aggType": "avg",
  },
  "consumer": "alerts",
  "alertTypeId": "test.alert.type",
  "schedule": {
    "interval": "1m"
  },
  "actions": [],
  "tags": [],
  "name": "new name",
  "enabled": true,
  "throttle": null,
  "apiKeyOwner": "elastic",
  "createdBy": "elastic",
  "updatedBy": "elastic",
  "muteAll": false,
  "mutedInstanceIds": [],
  "updatedAt": "2021-02-10T05:37:19.086Z",
  "createdAt": "2021-02-10T05:37:19.086Z",
  "scheduledTaskId": "0b092d90-6b62-11eb-9e0d-85d233e3ee35",
  "executionStatus": {
    "lastExecutionDate": "2021-02-10T17:55:14.262Z",
    "status": "ok"
  }
}