通过 savedObjectId 获取时间线或时间线模板
使用 savedObjectId 获取单个时间线或时间线模板的详细信息。
请求 URL
GET <kibana 主机>:<端口>/api/timeline?id=<savedObjectId>
URL 查询参数
| 名称 | 类型 | 描述 | 必填 |
|---|---|---|---|
| `id` | 字符串 | 现有时间线或时间线模板的 `savedObjectId` | 是 |
示例请求
检索 savedObjectId 值为 9115e3bc-444c-4c91-b844-c62717253c4e 的时间线模板的详细信息:
GET /api/timeline?id=9115e3bc-444c-4c91-b844-c62717253c4e
响应代码
- `200`:表示调用成功。
示例响应
{ "data": { "getOneTimeline": { "savedObjectId": "9115e3bc-444c-4c91-b844-c62717253c4e", "version": "WzQwMjYsMV0=", "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp", "type": "date" }, { "columnHeaderType": "not-filtered", "id": "signal.rule.name" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [ { "excluded": false, "and": [ { "excluded": false, "kqlQuery": "", "name": "user.name", "queryMatch": { "displayValue": "{user.name}", "field": "user.name", "displayField": "user.name", "value": "{user.name}", "operator": ":" }, "id": "timeline-1-6a1ffe5f-6188-4cf3-915d-e53c2563a1bf", "type": "template", "enabled": true } ], "kqlQuery": "", "name": "signal", "queryMatch": { "field": "event.kind", "value": "signal", "operator": ":" }, "id": "timeline-1-ac9b7ab7-0fea-4724-864c-19122139b08f", "type": "default", "enabled": true } ], "dataViewId": null, "description": "", "eventType": "all", "excludedRowRendererIds": [], "favorite": [], "filters": [], "indexNames": [ ".alerts-*" ], "kqlMode": "filter", "title": "Alerts Involving a Single User Timeline", "templateTimelineId": "3e827bab-838a-469f-bd1e-5e19a2bff2fd", "templateTimelineVersion": 1, "dateRange": { "start": "2024-02-19T15:42:52.325Z", "end": "2024-02-20T15:42:52.325Z" }, "savedQueryId": null, "created": 1708443772325, "createdBy": "Elastic", "updated": 1708443772325, "updatedBy": "Elastic", "timelineType": "template", "status": "immutable", "sort": [ { "esTypes": [ "date" ], "columnType": "date", "sortDirection": "desc", "columnId": "@timestamp" } ], "eventIdToNoteIds": [], "noteIds": [], "notes": [], "pinnedEventIds": [], "pinnedEventsSaveObject": [] } } }