Get rule types APIedit
Retrieve a list of rule types that the user is authorized to access.
For the most up-to-date API details, refer to the open API specification. For a preview, check out Alert and rule APIs.
Requestedit
GET <kibana host>:<port>/api/alerting/rule_types
GET <kibana host>:<port>/s/<space_id>/api/alerting/rule_types
Prerequisitesedit
If you have read
privileges for one or more Kibana features, the API response
contains information about the appropriate rule types. For example, there are
rule types associated with the Management > Stack Rules feature,
Analytics > Discover and Machine Learning features, Observability, and
Security features. To get rule types associated with the
Stack Monitoring feature, use the monitoring_user
built-in role.
For more details, refer to Feature privileges.
Descriptionedit
Each rule type includes a list of authorized consumer features. For each feature,
users are authorized to perform either read
or all
operations on rules of
that type. This enables you to determine which rule types you can read, create,
or modify. If you want to create or edit a rule in Kibana, some rule types are
limited to specific features and apps.
Path parametersedit
-
space_id
-
(Optional, string) An identifier for the space. If
space_id
is not provided in the URL, the default space is used.
Response bodyedit
Each rule type has the following properties in the API response:
-
action_groups
-
(array of objects) An explicit list of groups for which the rule type can
schedule actions, each with the action group’s unique ID and human readable name.
Rule
actions
validation uses this configuration to ensure that groups are valid. -
action_variables
- (object) A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.
-
authorized_consumers
- (object) The list of the plugins IDs that have access to the rule type.
-
default_action_group_id
- (string) The default ID for the rule type group.
-
does_set_recovery_context
- (boolean) Indicates whether the rule passes context variables to its recovery action.
-
enabled_in_license
- (boolean) Indicates whether the rule type is enabled or disabled based on the subscription.
-
id
- (string) The unique identifier for the rule type.
-
is_exportable
- (boolean) Indicates whether the rule type is exportable in Stack Management > Saved Objects.
-
minimum_license_required
- (string) The subscriptions required to use the rule type.
-
name
- (string) The descriptive name of the rule type.
-
producer
- (string) An identifier for the application that produces this rule type.
-
recovery_action_group
- (object) An action group to use when an alert goes from an active state to an inactive one.
Response codesedit
-
200
- Indicates a successful call.
Examplesedit
GET api/alerting/rule_types
For example, if you have read
privileges for the Observability Logs app,
the API returns the following:
[ { "id":"logs.alert.document.count", "name":"Log threshold", "producer":"logs", "enabled_in_license":true, "recovery_action_group":{ "id":"recovered", "name":"Recovered" }, "action_groups":[ { "id":"logs.threshold.fired", "name":"Fired" }, { "id":"recovered", "name":"Recovered" } ], "default_action_group_id":"logs.threshold.fired", "minimum_license_required":"basic", "is_exportable":true, "rule_task_timeout":"5m", "action_variables":{ "context":[ { "name":"timestamp", "description":"UTC timestamp of when the alert was triggered" }, { "name":"matchingDocuments", "description":"The number of log entries that matched the conditions provided" }, { "name":"conditions", "description":"The conditions that log entries needed to fulfill" }, ... ], "state":[], "params":[] }, "authorized_consumers":{ "logs":{"read":true,"all":false}, "alerts":{"read":true,"all":false} }, "does_set_recovery_context":true } ]