Authentication

The API accepts 2 different authentication methods:

Api key auth (http_api_key)

These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey

Basic auth (http)

Basic auth tokens are constructed with the Basic keyword, followed by a space, followed by a base64-encoded string of your username:password (separated by a : colon).

Example: send a Authorization: Basic aGVsbG86aGVsbG8= HTTP header with your requests to authenticate with the API.

Delete a connector

DELETE /api/actions/connector/{id}
Api key auth Basic auth

WARNING: When you delete a connector, it cannot be recovered.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Path parameters

  • id string Required

    An identifier for the connector.

Responses

  • 204

    Indicates a successful call.

DELETE /api/actions/connector/{id} 
curl \
 --request DELETE 'https://localhost:5601/api/actions/connector/{id}' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: true"

Request agent diagnostics

POST /api/fleet/agents/{agentId}/request_diagnostics
Api key auth Basic auth

[Required authorization] Route required privileges: fleet-agents-read.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Path parameters

application/json

Body

Responses

POST /api/fleet/agents/{agentId}/request_diagnostics 
curl \
 --request POST 'https://localhost:5601/api/fleet/agents/{agentId}/request_diagnostics' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --header "kbn-xsrf: true" \
 --data '{"additional_metrics":["CPU"]}'

Cancel an agent action

POST /api/fleet/agents/actions/{actionId}/cancel
Api key auth Basic auth

[Required authorization] Route required privileges: fleet-agents-all.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Path parameters

Responses

POST /api/fleet/agents/actions/{actionId}/cancel 
curl \
 --request POST 'https://localhost:5601/api/fleet/agents/actions/{actionId}/cancel' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: true"

Get a full agent policy

GET /api/fleet/agent_policies/{agentPolicyId}/full
Api key auth Basic auth

Get a full agent policy by ID.

[Required authorization] Route required privileges: fleet-agent-policies-read.

Responses

GET /api/fleet/agent_policies/{agentPolicyId}/full 
curl \
 --request GET 'https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}/full' \
 --header "Authorization: $API_KEY"

Delete an agent

DELETE /api/fleet/agents/{agentId}
Api key auth Basic auth

Delete an agent by ID.

[Required authorization] Route required privileges: fleet-agents-all.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Responses

DELETE /api/fleet/agents/{agentId} 
curl \
 --request DELETE 'https://localhost:5601/api/fleet/agents/{agentId}' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: true"

Delete output

DELETE /api/fleet/outputs/{outputId}
Api key auth Basic auth

Delete output by ID.

[Required authorization] Route required privileges: fleet-settings-all.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Responses

DELETE /api/fleet/outputs/{outputId} 
curl \
 --request DELETE 'https://localhost:5601/api/fleet/outputs/{outputId}' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: true"

Get a package policy

GET /api/fleet/package_policies/{packagePolicyId}
Api key auth Basic auth

Get a package policy by ID.

Query parameters

  • format string

    Values are simplified or legacy.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • item object Required

      Additional properties are NOT allowed.

      Hide item attributes Show item attributes object
      • additional_datastreams_permissions array[string] | null

        Additional datastream permissions, that will be added to the agent policy.

      • agents number
      • created_at string Required
      • created_by string Required
      • description string

        Package policy description

      • elasticsearch object

        Additional properties are allowed.

        Hide elasticsearch attribute Show elasticsearch attribute object
        • privileges object

          Additional properties are allowed.

          Hide privileges attribute Show privileges attribute object
      • enabled boolean Required
      • id string Required

      • inputs array[object] | object Required

        Any of:
        array-1 array[object] object-2 object
        Hide attributes Show attributes object
        • config object

          Package variable (see integration documentation for more information)

          Hide config attribute Show config attribute object
          • * object Additional properties

            Additional properties are NOT allowed.

            Hide * attributes Show * attributes object
        • enabled boolean Required
        • id string
        • keep_enabled boolean
        • policy_template string
        • streams array[object] Required
          Hide streams attributes Show streams attributes object
          • config object

            Package variable (see integration documentation for more information)

            Hide config attribute Show config attribute object
            • * object Additional properties

              Additional properties are NOT allowed.

              Hide * attributes Show * attributes object
          • data_stream object Required

            Additional properties are NOT allowed.

            Hide data_stream attributes Show data_stream attributes object
          • enabled boolean Required
          • id string
          • keep_enabled boolean
          • release string

            Values are ga, beta, or experimental.

          • vars object

            Package variable (see integration documentation for more information)

            Hide vars attribute Show vars attribute object
            • * object Additional properties

              Additional properties are NOT allowed.

              Hide * attributes Show * attributes object
        • type string Required
        • vars object

          Package variable (see integration documentation for more information)

          Hide vars attribute Show vars attribute object
          • * object Additional properties

            Additional properties are NOT allowed.

            Hide * attributes Show * attributes object
      • is_managed boolean
      • name string Required

        Package policy name (should be unique)

      • namespace string

        The package policy namespace. Leave blank to inherit the agent policy's namespace.

      • output_id string | null
      • overrides object | null

        Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.

        Additional properties are NOT allowed.

        Hide overrides attribute Show overrides attribute object | null
        • inputs object

          Additional properties are allowed.

      • package object

        Additional properties are NOT allowed.

        Hide package attributes Show package attributes object
      • policy_id string | null Deprecated

        Agent policy ID where that package policy will be added

      • policy_ids array[string]

        Agent policy IDs where that package policy will be added

      • revision number Required
      • secret_references array[object]
        Hide secret_references attribute Show secret_references attribute object
        • id string Required
      • spaceIds array[string]
      • supports_agentless boolean | null

        Indicates whether the package policy belongs to an agentless agent policy.

        Default value is false.

      • updated_at string Required
      • updated_by string Required

      • vars object

        Any of:
        object-1 object object-2 object

        Package variable (see integration documentation for more information)

        Hide attribute Show attribute
        • * object Additional properties

          Additional properties are NOT allowed.

          Hide * attributes Show * attributes object
      • version string
  • 400 application/json
    Hide response attributes Show response attributes object
  • 404 application/json
    Hide response attribute Show response attribute object
GET /api/fleet/package_policies/{packagePolicyId} 
curl \
 --request GET 'https://localhost:5601/api/fleet/package_policies/{packagePolicyId}' \
 --header "Authorization: $API_KEY"

Archive a maintenance window. Generally available; added in 9.1.0

POST /api/maintenance_window/{id}/_archive
Api key auth Basic auth

[Required authorization] Route required privileges: write-maintenance-window.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

Path parameters

  • id string Required

    The identifier for the maintenance window to be archived.

Responses

  • 200 application/json

    Indicates a successful call.

    Hide response attributes Show response attributes object
    • created_at string Required

      The date and time when the maintenance window was created.

    • created_by string | null Required

      The identifier for the user that created the maintenance window.

    • enabled boolean Required

      Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.

    • id string Required

      The identifier for the maintenance window.

    • schedule object Required

      Additional properties are NOT allowed.

      Hide schedule attribute Show schedule attribute object
      • custom object Required

        Additional properties are NOT allowed.

        Hide custom attributes Show custom attributes object
        • duration string Required

          The duration of the schedule. It allows values in <integer><unit> format. <unit> is one of d, h, m, or s for hours, minutes, seconds. For example: 1d, 5h, 30m, 5000s.

        • recurring object

          Additional properties are NOT allowed.

          Hide recurring attributes Show recurring attributes object
          • end string

            The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: 2025-04-01T00:00:00.000Z.

          • every string

            The interval and frequency of a recurring schedule. It allows values in <integer><unit> format. <unit> is one of d, w, M, or y for days, weeks, months, years. For example: 15d, 2w, 3m, 1y.

          • occurrences number

            The total number of recurrences of the schedule.

          • onMonth array[number]

            The specific months for a recurring schedule. Valid values are 1-12.

          • onMonthDay array[number]

            The specific days of the month for a recurring schedule. Valid values are 1-31.

          • onWeekDay array[string]

            The specific days of the week ([MO,TU,WE,TH,FR,SA,SU]) or nth day of month ([+1MO, -3FR, +2WE, -4SA, -5SU]) for a recurring schedule.

        • start string Required

          The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: 2025-03-12T12:00:00.000Z.

        • timezone string

          The timezone of the schedule. The default timezone is UTC.

    • scope object

      Additional properties are NOT allowed.

      Hide scope attribute Show scope attribute object
      • alerting object Required

        Additional properties are NOT allowed.

        Hide alerting attribute Show alerting attribute object
        • query object Required

          Additional properties are NOT allowed.

          Hide query attribute Show query attribute object
          • kql string Required

            A filter written in Kibana Query Language (KQL).

    • status string Required

      The current status of the maintenance window.

      Values are running, upcoming, finished, or archived.

    • title string Required

      The name of the maintenance window.

    • updated_at string Required

      The date and time when the maintenance window was last updated.

    • updated_by string | null Required

      The identifier for the user that last updated this maintenance window.
  • 400

    Indicates an invalid schema or parameters.

  • 403

    Indicates that this call is forbidden.

  • 404

    Indicates a maintenance window with the given ID does not exist.

POST /api/maintenance_window/{id}/_archive 
curl \
 --request POST 'https://localhost:5601/api/maintenance_window/{id}/_archive' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: true"

Update a conversation

PUT /api/security_ai_assistant/current_user/conversations/{id}
Api key auth Basic auth

Update an existing conversation using the conversation ID. This endpoint allows users to modify the details of an existing conversation.

Path parameters

  • id string(nonempty) Required

    The conversation's id value.

    Minimum length is 1.

application/json

Body Required

  • apiConfig object

    LLM API configuration.

    Hide apiConfig attributes Show apiConfig attributes object
  • category string

    The conversation category.

    Values are assistant or insights.

  • excludeFromLastConversationStorage boolean

    Exclude from last conversation storage.

  • id string(nonempty) Required

    The ID of the anonymization field.

    Minimum length is 1.

  • messages array[object]

    The conversation messages.

    AI assistant conversation message.

    Hide messages attributes Show messages attributes object
    • content string Required

      Message content.

    • isError boolean

      Is error message.

    • metadata object

      Metadata

      Hide metadata attribute Show metadata attribute object
    • reader object

      Message content.

      Additional properties are allowed.

    • role string Required

      Message role.

      Values are system, user, or assistant.

    • timestamp string(nonempty) Required

      Timestamp when the anonymization field was initially created.

      Minimum length is 1.

    • traceData object

      Trace data

      Hide traceData attributes Show traceData attributes object
      • traceId string

        Could be any string, not necessarily a UUID

      • transactionId string

        Could be any string, not necessarily a UUID

  • replacements object

    Replacements object used to anonymize/deanonymize messages

    Hide replacements attribute Show replacements attribute object
    • * string Additional properties
  • summary object
    Hide summary attributes Show summary attributes object
    • confidence string

      How confident you are about this being a correct and useful learning.

      Values are low, medium, or high.

    • content string

      Summary text of the conversation over time.

    • public boolean

      Define if summary is marked as publicly available.

    • timestamp string(nonempty)

      Timestamp when the anonymization field was initially created.

      Minimum length is 1.

  • title string

    The conversation title.

Responses

  • 200 application/json

    Indicates a successful call. The conversation was updated successfully.

    Hide response attributes Show response attributes object
    • apiConfig object

      LLM API configuration.

      Hide apiConfig attributes Show apiConfig attributes object
    • category string Required

      The conversation category.

      Values are assistant or insights.

    • createdAt string Required

      The time conversation was created.

    • excludeFromLastConversationStorage boolean

      Exclude from last conversation storage.

    • id string(nonempty) Required

      The ID of the anonymization field.

      Minimum length is 1.

    • messages array[object]

      The conversation messages.

      AI assistant conversation message.

      Hide messages attributes Show messages attributes object
      • content string Required

        Message content.

      • isError boolean

        Is error message.

      • metadata object

        Metadata

        Hide metadata attribute Show metadata attribute object
      • reader object

        Message content.

        Additional properties are allowed.

      • role string Required

        Message role.

        Values are system, user, or assistant.

      • timestamp string(nonempty) Required

        Timestamp when the anonymization field was initially created.

        Minimum length is 1.

      • traceData object

        Trace data

        Hide traceData attributes Show traceData attributes object
        • traceId string

          Could be any string, not necessarily a UUID

        • transactionId string

          Could be any string, not necessarily a UUID

    • namespace string Required

      Kibana space

    • replacements object

      Replacements object used to anonymize/deanonymize messages

      Hide replacements attribute Show replacements attribute object
      • * string Additional properties
    • summary object
      Hide summary attributes Show summary attributes object
      • confidence string

        How confident you are about this being a correct and useful learning.

        Values are low, medium, or high.

      • content string

        Summary text of the conversation over time.

      • public boolean

        Define if summary is marked as publicly available.

      • timestamp string(nonempty)

        Timestamp when the anonymization field was initially created.

        Minimum length is 1.

    • timestamp string(nonempty)

      Timestamp when the anonymization field was initially created.

      Minimum length is 1.

    • title string Required

      The conversation title.

    • updatedAt string

      The last time conversation was updated.

    • users array[object] Required

      Could be any string, not necessarily a UUID.

      Hide users attributes Show users attributes object
  • 400 application/json

    Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data.

    Hide response attributes Show response attributes object
PUT /api/security_ai_assistant/current_user/conversations/{id} 
curl \
 --request PUT 'https://localhost:5601/api/security_ai_assistant/current_user/conversations/abc123' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"title":"Updated Security Discussion","category":"insights","messages":[{"role":"assistant","content":"The issue was resolved.","timestamp":"2023-10-31T12:30:00Z"}],"apiConfig":{"connectorId":"54321","actionTypeId":"09876"},"replacements":{},"excludeFromLastConversationStorage":true}'
Request example 
{
  "title": "Updated Security Discussion",
  "category": "insights",
  "messages": [
    {
      "role": "assistant",
      "content": "The issue was resolved.",
      "timestamp": "2023-10-31T12:30:00Z"
    }
  ],
  "apiConfig": {
    "connectorId": "54321",
    "actionTypeId": "09876"
  },
  "replacements": {},
  "excludeFromLastConversationStorage": true
}
Response examples (200) 
{
  "id": "abc123",
  "title": "Updated Security Discussion",
  "users": [
    {
      "id": "user1",
      "name": "John Doe"
    }
  ],
  "category": "insights",
  "messages": [
    {
      "role": "assistant",
      "content": "The issue was resolved.",
      "timestamp": "2023-10-31T12:30:00Z"
    }
  ],
  "apiConfig": {
    "connectorId": "54321",
    "actionTypeId": "09876"
  },
  "createdAt": "2023-10-31T12:01:00Z",
  "updatedAt": "2023-10-31T12:31:00Z",
  "replacements": {},
  "excludeFromLastConversationStorage": true
}

Get action details

GET /api/endpoint/action/{action_id}
Api key auth Basic auth

Get the details of a response action using the action ID.

Path parameters

  • action_id string Required

    The ID of the action to retrieve.

Responses

  • 200 application/json

    OK
GET /api/endpoint/action/{action_id} 
curl \
 --request GET 'https://localhost:5601/api/endpoint/action/fr518850-681a-4y60-aa98-e22640cae2b8' \
 --header "Authorization: $API_KEY"
Response examples (200) 
{
  "data": {
    "id": "b3d6de74-36b0-4fa8-be46-c375bf1771bf",
    "agents": [
      "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
    ],
    "command": "running-processes",
    "outputs": {
      "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0": {
        "type": "json",
        "content": {
          "entries": [
            {
              "pid": "822",
              "user": "Dexter",
              "command": "/opt/cmd1",
              "entity_id": "fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt"
            },
            {
              "pid": "984",
              "user": "Jada",
              "command": "/opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3",
              "entity_id": "pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt"
            }
          ]
        }
      }
    },
    "agentType": "endpoint",
    "createdBy": "elastic",
    "isExpired": false,
    "startedAt": "2022-08-08T15:24:57.402Z",
    "completedAt": "2022-08-08T09:50:47.672Z",
    "isCompleted": true,
    "wasSuccessful": true
  }
}

Update a monitored user

PUT /api/entity_analytics/monitoring/users/{id}
Api key auth Basic auth

Path parameters

  • id string Required
application/json

Body Required

Responses

PUT /api/entity_analytics/monitoring/users/{id} 
curl \
 --request PUT 'https://localhost:5601/api/entity_analytics/monitoring/users/{id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"@timestamp":"2025-05-04T09:42:00Z","entity_analytics_monitoring":{"labels":[{"field":"string","source":"string","value":"string"}]},"event":{"ingested":"2025-05-04T09:42:00Z"},"id":"string","labels":{"monitoring":{"privileged_users":"monitored"},"source_indices":["string"],"source_integrations":["string"],"sources":["csv"]},"user":{"name":"string"}}'

Initialize an Entity Engine

POST /api/entity_store/engines/{entityType}/init
Api key auth Basic auth

Path parameters

  • entityType string Required

    The entity type of the engine (either 'user' or 'host').

    Values are user, host, service, or generic.

application/json

Body Required

Schema for the engine initialization

  • delay string

    The delay before the transform will run.

    Format should match the following pattern: [smdh]$. Default value is 1m.

  • docsPerSecond integer

    The number of documents per second to process.

  • enrichPolicyExecutionInterval string

    Interval in which enrich policy runs. For example, "1h" means the rule runs every hour. Must be less than or equal to half the duration of the lookback period,

    Format should match the following pattern: ^[1-9]\d*[smh]$.

  • fieldHistoryLength integer

    The number of historical values to keep for each field.

    Default value is 10.

  • filter string
  • frequency string

    The frequency at which the transform will run.

    Format should match the following pattern: [smdh]$. Default value is 1m.

  • indexPattern string
  • lookbackPeriod string

    The amount of time the transform looks back to calculate the aggregations.

    Format should match the following pattern: [smdh]$. Default value is 24h.

  • timeout string

    The timeout for initializing the aggregating transform.

    Format should match the following pattern: [smdh]$. Default value is 180s.

  • timestampField string

    The field to use as the timestamp for the entity type.

    Default value is @timestamp.

Responses

  • 200 application/json

    Successful response

    Hide response attributes Show response attributes object
  • 400

    Invalid request

POST /api/entity_store/engines/{entityType}/init 
curl \
 --request POST 'https://localhost:5601/api/entity_store/engines/{entityType}/init' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"delay":"1m","docsPerSecond":42,"enrichPolicyExecutionInterval":"1h","fieldHistoryLength":10,"filter":"string","frequency":"1m","indexPattern":"string","lookbackPeriod":"24h","timeout":"180s","timestampField":"@timestamp"}'

Security exceptions

Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.

Exceptions are made up of:

  • Exception containers: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.
  • Exception items: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to true, the rule does not generate an alert.

For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.

You cannot use lists with endpoint rule exceptions.


Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.

Exceptions requirements

Before you can start working with exceptions that use value lists, you must create the .lists and .items data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to Enable and access detections.

Delete Timelines or Timeline templates

DELETE /api/timeline
Api key auth Basic auth

Delete one or more Timelines or Timeline templates.

application/json

Body Required

The IDs of the Timelines or Timeline templates to delete.

  • savedObjectIds array[string] Required

    The list of IDs of the Timelines or Timeline templates to delete

  • searchIds array[string]

    Saved search IDs that should be deleted alongside the timelines

Responses

  • 200

    Indicates the Timeline was successfully deleted.

DELETE /api/timeline 
curl \
 --request DELETE 'https://localhost:5601/api/timeline' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"savedObjectIds":["15c1929b-0af7-42bd-85a8-56e234cc7c4e"],"searchIds":["23f3-43g34g322-e5g5hrh6h-45454","6ce1b592-84e3-4b4a-9552-f189d4b82075"]}'

Retrieve the status of the bulk deletion

GET /s/{spaceId}/api/observability/slos/_bulk_delete/{taskId}
Api key auth Basic auth

Retrieve the status of the bulk deletion operation for SLOs. This endpoint returns the status of the bulk deletion operation, including whether it is completed and the results of the operation.

Headers

  • kbn-xsrf string Required

    Cross-site request forgery protection

Path parameters

  • spaceId string Required

    An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used.

  • taskId string Required

    The task id of the bulk delete operation

Responses

  • 200 application/json

    Successful response

    Hide response attributes Show response attributes object
    • error string

      The error message if the bulk deletion operation failed

    • isDone boolean

      Indicates if the bulk deletion operation is completed

    • results array[object]

      The results of the bulk deletion operation, including the success status and any errors for each SLO

      Hide results attributes Show results attributes object
      • error string

        The error message if the deletion operation failed for this SLO

      • id string

        The ID of the SLO that was deleted

      • success boolean

        The result of the deletion operation for this SLO
  • 400 application/json

    Bad request

    Hide response attributes Show response attributes object
  • 401 application/json

    Unauthorized response

    Hide response attributes Show response attributes object
  • 403 application/json

    Unauthorized response

    Hide response attributes Show response attributes object
GET /s/{spaceId}/api/observability/slos/_bulk_delete/{taskId} 
curl \
 --request GET 'https://localhost:5601/s/default/api/observability/slos/_bulk_delete/8853df00-ae2e-11ed-90af-09bb6422b258' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: string"

Get ingest stream settings Technical Preview

GET /api/streams/{name}/_ingest
Api key auth Basic auth

Fetches the ingest settings of an ingest stream definition

[Required authorization] Route required privileges: read_stream.

application/json

Body

object object

Additional properties are NOT allowed.
GET /api/streams/{name}/_ingest 
curl \
 --request GET 'https://localhost:5601/api/streams/{name}/_ingest' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json"

Get a monitor

GET /api/synthetics/monitors/{id}
Api key auth Basic auth

Path parameters

  • id string Required

    The ID of the monitor.

Responses

  • 200 application/json
  • 404

    If the monitor is not found, the API returns a 404 error.

GET /api/synthetics/monitors/{id} 
curl \
 --request GET 'https://localhost:5601/api/synthetics/monitors/{id}' \
 --header "Authorization: $API_KEY"
Response examples (200)
A successful response from `GET /api/synthetics/monitors/<id>`. 
{
    "type": "http",
    "enabled": true,
    "alert": {
        "status": {
            "enabled": true
        },
        "tls": {
            "enabled": true
        }
    },
    "schedule": {
        "number": "3",
        "unit": "m"
    },
    "config_id": "a8188705-d01e-4bb6-87a1-64fa5e4b07ec",
    "timeout": "16",
    "name": "am i something",
    "locations": [
        {
            "id": "us_central",
            "label": "North America - US Central",
            "geo": {
                "lat": 41.25,
                "lon": -95.86
            },
            "isServiceManaged": true
        }
    ],
    "namespace": "default",
    "origin": "ui",
    "id": "a8188705-d01e-4bb6-87a1-64fa5e4b07ec",
    "max_attempts": 2,
    "__ui": {
        "is_tls_enabled": false
    },
    "max_redirects": "0",
    "response.include_body": "on_error",
    "response.include_headers": true,
    "check.request.method": "GET",
    "mode": "any",
    "response.include_body_max_bytes": "1024",
    "ipv4": true,
    "ipv6": true,
    "ssl.verification_mode": "full",
    "ssl.supported_protocols": [
        "TLSv1.1",
        "TLSv1.2",
        "TLSv1.3"
    ],
    "revision": 13,
    "created_at": "2023-11-08T08:45:29.334Z",
    "updated_at": "2023-12-18T20:31:44.770Z",
    "url": "https://fast.com"
}