Get a paginated set of alerts Deprecated

GET /api/alerts/alerts/_find
Api key auth Basic auth

Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert params are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.

Query parameters

  • default_search_operator string

    The default operator to use for the simple_query_string.

    Default value is OR.

  • fields array[string]

    The fields to return in the attributes key of the response.

  • filter string

    A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22.

  • has_reference object

    Filters the rules that have a relation with the reference objects with a specific type and identifier.

    Hide has_reference attributes Show has_reference attributes object
    • id string
    • type string
  • page integer

    The page number to return.

    Default value is 1.

  • per_page integer

    The number of alerts to return per page.

    Default value is 20.

  • search_fields string | array[string]

    The fields to perform the simple_query_string parsed query against.

  • sort_field string

    Determines which field is used to sort the results. The field must exist in the attributes key of the response.

  • sort_order string

    Determines the sort order.

    Values are asc or desc. Default value is desc.

Responses

  • 200 application/json

    Indicates a successful call.

    Hide response attributes Show response attributes object
    • data array[object]
      Hide data attributes Show data attributes object
      • actions array[object]
      • alertTypeId string
      • apiKeyOwner string | null
      • createdAt string(date-time)

        The date and time that the alert was created.

      • createdBy string

        The identifier for the user that created the alert.

      • enabled boolean

        Indicates whether the alert is currently enabled.

      • executionStatus object
        Hide executionStatus attributes Show executionStatus attributes object
        • lastExecutionDate string(date-time)
        • status string
      • id string

        The identifier for the alert.

      • muteAll boolean
      • mutedInstanceIds array[string] | null
      • name string

        The name of the alert.

      • notifyWhen string
      • params object

        Additional properties are allowed.

      • schedule object
        Hide schedule attribute Show schedule attribute object
        • interval string
      • scheduledTaskId string
      • tags array[string]
      • throttle string | null
      • updatedAt string
      • updatedBy string | null

        The identifier for the user that updated this alert most recently.

    • page integer
    • perPage integer
    • total integer
  • 401 application/json

    Authorization information is missing or invalid.

    Hide response attributes Show response attributes object
    • error string

      Value is Unauthorized.

    • message string
    • statusCode integer

      Value is 401.
GET /api/alerts/alerts/_find 
curl \
 --request GET 'https://localhost:5601/api/alerts/alerts/_find' \
 --header "Authorization: $API_KEY"