How to curl elastic or kibana api for alerts?
-
I am learning to use the ELK stack. Both kibana and elasticsearch are installed on my localhost. I just learnt how to install metricbeat and how to set up alerts. When setting up the alerts, I used the index connector, and called my index testconnector.
I see the alerts showing up in my web browser when i go to
http://localhost:5601/app/observability/alerts.Is there a way for me to get the same information via REST API? i tried all these endpoints but they all say "no handler found for uri"
curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/api/index_management/indices" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/api/alert" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/api/alert/_search" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/api/alert/_find" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/alert/_search" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/alert/_find" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/kibana/api/alerting" curl -X GET -k -u elasticuser:elasticpass "http://localhost:9200/testconnector/_search"If anyone can tell me how to get the alerts (not the rules) through a REST API, that will be great!
-
I figured it out. First, you can get a list of all the rules from kibana api (as opposed to elastic api) like this:
curl -X GET -k -u elasticuser:elasticpass "http://localhost:5601/api/alerting/rules/_find"The list of rules also contains some execution status of each rule. Meaning some are active, some are ok, some are recovered etc... So right off the bat, I have what I need related to the alerts associated with each rule.
If I need more details, I can grab the rule id and get more details with this curl
curl -X GET -k -u elasticuser:elasticpass "http://localhost:5601/api/alerting/rule/"All the API endpoints for rule and alert management can be found here: https://www.elastic.co/guide/en/kibana/current/alerting-apis.html
