› › ›

获取异常项

编辑

获取异常项

编辑

使用其 id 或 item_id 字段检索异常项。

请求 URL

编辑

GET <kibana 主机>:<端口>/api/exception_lists/items

URL 查询参数

编辑

URL 查询必须包含以下之一

id - GET /api/exception_lists/items?id=<id>
item_id - GET /api/exception_lists/items?item_id=<item_id>

示例请求

编辑

检索 item_id 为 global-allow-processes 的项

GET api/exception_lists/items?item_id=global-allow-processes

响应代码

编辑

200: 表示调用成功。

响应有效负载

编辑

{
  "_tags": [],
  "comments": [
    {
      "comment": "Allowed on all hosts.",
      "created_at": "2020-07-14T13:40:39.804Z",
      "created_by": "elastic"
    }
  ],
  "created_at": "2020-07-14T13:40:39.804Z",
  "created_by": "elastic",
  "description": "Global process allowlist",
  "entries": [
    {
      "field": "process.name",
      "operator": "included",
      "type": "match",
      "value": "housekeeping"
    }
  ],
  "id": "9b25aec0-c5d7-11ea-a3d8-a5b753aeeb9e",
  "item_id": "global-allow-processes",
  "list_id": "allowed-processes",
  "name": "Host-process global exclusion",
  "namespace_type": "single",
  "tags": [
    "global",
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "28c6b069-8e39-4f9a-b93c-95e5a15b46c5",
  "type": "simple",
  "updated_at": "2020-07-14T13:40:39.980Z",
  "updated_by": "elastic"
}

« 获取异常容器导入异常列表 »