Get pack API
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Retrieve a single pack by ID.
Request
GET <kibana host>:<port>/api/osquery/packs/<id>
GET <kibana host>:<port>/s/<space_id>/api/osquery/packs/<id>
Path parameters
space_id
- (Optional, string) The space identifier. When space_id is not provided in the URL, the default space is used.
id
- (Required, string) The ID of the pack you want to retrieve.
Response code
200
- Indicates a successful call.
404
- The pack with the specified ID doesn't exist.
Example
Retrieve the pack object with the bbe5b070-0c51-11ed-b0f8-ad31b008e832 ID:
$ curl -X GET "<kibana host>:<port>/api/osquery/packs/bbe5b070-0c51-11ed-b0f8-ad31b008e832"
The API returns the pack object:
{
  "data": {
    "id": "bbe5b070-0c51-11ed-b0f8-ad31b008e832",
    "type": "osquery-pack",
    "namespaces": [
      "default"
    ],
    "updated_at": "2022-07-25T20:12:01.455Z",
    "name": "test_pack",
    "queries": {
      "uptime": {
        "interval": 3600,
        "query": "select * from uptime",
        "ecs_mapping": {
          "message": {
            "field": "days"
          }
        }
      }
    },
    "enabled": true,
    "created_at": "2022-07-25T19:41:10.263Z",
    "created_by": "elastic",
    "updated_by": "elastic",
    "description": "",
    "policy_ids": [],
    "read_only": false
  }
}
read_only is true for prebuilt packs.
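An added example, not part of the Elastic documentation: a small Python client for the request above that percent-encodes the id and space_id path parameters, treats 404 as "pack not found", and reduces the response to the fields worth reviewing. The host kibana.example, the API key Authorization header, and all function names are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote

# Constructed sample: the response body from the example above, trimmed.
SAMPLE = """{"data": {"id": "bbe5b070-0c51-11ed-b0f8-ad31b008e832",
 "type": "osquery-pack", "name": "test_pack", "enabled": true,
 "queries": {"uptime": {"interval": 3600, "query": "select * from uptime",
   "ecs_mapping": {"message": {"field": "days"}}}},
 "policy_ids": [], "read_only": false}}"""

def pack_url(base, pack_id, space_id=None):
    """Build the request URL; both path parameters are percent-encoded."""
    prefix = f"/s/{quote(space_id, safe='')}" if space_id else ""
    return f"{base.rstrip('/')}{prefix}/api/osquery/packs/{quote(pack_id, safe='')}"

def summarize_pack(body):
    """Reduce a 200 response body to the fields a reviewer checks first."""
    data = json.loads(body)["data"]
    return {
        "name": data["name"],
        "enabled": data["enabled"],
        "read_only": data.get("read_only", False),
        "policy_ids": data.get("policy_ids", []),
        "queries": {qid: (q["interval"], q["query"])
                    for qid, q in data.get("queries", {}).items()},
    }

def get_pack(base, pack_id, api_key, space_id=None):
    """Return the pack summary, or None when the API answers 404."""
    req = urllib.request.Request(
        pack_url(base, pack_id, space_id),
        headers={"Authorization": f"ApiKey {api_key}"},  # assumption: API key auth
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return summarize_pack(resp.read())
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

if __name__ == "__main__":
    pid = "bbe5b070-0c51-11ed-b0f8-ad31b008e832"
    print(pack_url("https://kibana.example:5601", pid, "security"))
    print(summarize_pack(SAMPLE))
```

Encoding the path parameters keeps a caller-supplied ID such as a/b from resolving to a different API route than the one intended.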