获取时间线或时间线模板


检索所有时间线或时间线模板的列表。

请求 URL


GET <kibana 主机>:<端口>/api/timelines

URL 查询参数

名称 类型 描述 必填

only_user_favorite

布尔值

如果设置为 true,则仅返回收藏的时间线/时间线模板。默认为 false。

page_index

数字

要返回的页码。默认为 1。

page_size

数字

每页返回的项目数。默认为 10。

search

字符串

时间线/时间线模板标题或描述中的关键字,用于过滤结果。

sort_field

字符串

用于对结果排序的字段。有效值为:

  • title
  • description
  • updated
  • created

sort_order

字符串

结果的排序顺序。有效值为:

  • asc
  • desc

status

字符串

指定返回自定义时间线/时间线模板,还是返回 Elastic 预构建模板。有效值为:

  • active:返回自定义时间线/时间线模板
  • immutable:返回 Elastic 预构建模板

timeline_type

字符串

指定返回时间线还是时间线模板。有效值为:

  • default:返回时间线
  • template:返回时间线模板

示例请求


检索所有时间线的列表,并按 updated 字段降序排序

GET api/timelines?page_size=10&page_index=1&sort_field=updated&sort_order=desc&timeline_type=default

响应代码

200
表示调用成功。

示例响应

{
  "totalCount": 2,
  "timeline": [
    {
      "savedObjectId": "a3f145ed-262f-488d-b550-334fb16fc4d5",
      "version": "WzEyMTQzLDFd",
      "columns": [
        {
          "columnHeaderType": "not-filtered",
          "id": "@timestamp",
          "type": "date"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "message"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "event.category"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "event.action"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "host.name"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "source.ip"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "destination.ip"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "user.name"
        }
      ],
      "dataProviders": [],
      "dataViewId": "security-solution-default",
      "description": "",
      "eqlOptions": {
        "eventCategoryField": "event.category",
        "tiebreakerField": "",
        "timestampField": "@timestamp",
        "query": "",
        "size": 100
      },
      "eventType": "all",
      "excludedRowRendererIds": [],
      "favorite": [],
      "filters": [],
      "indexNames": [
        ".alerts-security.alerts-default",
        "logs-*"
      ],
      "kqlMode": "filter",
      "kqlQuery": {
        "filterQuery": null
      },
      "title": "Another timeline",
      "templateTimelineId": null,
      "templateTimelineVersion": null,
      "dateRange": {
        "start": "2023-12-08T00:00:00.000Z",
        "end": "2024-03-07T11:10:21.475Z"
      },
      "savedQueryId": null,
      "created": 1709810442736,
      "createdBy": "docsuser",
      "updated": 1709810443384,
      "updatedBy": "docsuser",
      "timelineType": "default",
      "status": "active",
      "sort": [
        {
          "columnId": "@timestamp",
          "columnType": "date",
          "esTypes": [
            "date"
          ],
          "sortDirection": "desc"
        }
      ],
      "savedSearchId": null,
      "eventIdToNoteIds": [],
      "noteIds": [],
      "notes": [],
      "pinnedEventIds": [],
      "pinnedEventsSaveObject": []
    },
    {
      "savedObjectId": "cbe6c180-7ef9-414b-b362-748ff7d96b1b",
      "version": "WzEyMTQxLDFd",
      "columns": [
        {
          "columnHeaderType": "not-filtered",
          "id": "@timestamp",
          "type": "date"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "message"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "event.category"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "event.action"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "host.name"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "source.ip"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "destination.ip"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "user.name"
        }
      ],
      "dataProviders": [
        {
          "and": [],
          "id": "send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-timeline-1-alert-id-493f15b2301c94720720fb670a22092f1cc3fd42b0600c6f179f714b1a5b2584",
          "name": "493f15b2301c94720720fb670a22092f1cc3fd42b0600c6f179f714b1a5b2584",
          "enabled": true,
          "excluded": false,
          "kqlQuery": "",
          "queryMatch": {
            "field": "_id",
            "value": "493f15b2301c94720720fb670a22092f1cc3fd42b0600c6f179f714b1a5b2584",
            "operator": ":"
          }
        }
      ],
      "dataViewId": null,
      "description": "",
      "eqlOptions": {
        "eventCategoryField": "event.category",
        "tiebreakerField": "",
        "timestampField": "@timestamp",
        "query": "",
        "size": 100
      },
      "eventType": "all",
      "excludedRowRendererIds": [],
      "favorite": [],
      "filters": [],
      "indexNames": [],
      "kqlMode": "filter",
      "kqlQuery": {
        "filterQuery": {
          "kuery": {
            "kind": "kuery",
            "expression": ""
          },
          "serializedQuery": ""
        }
      },
      "title": "Test timeline",
      "templateTimelineId": null,
      "templateTimelineVersion": null,
      "dateRange": {
        "start": "2024-02-20T15:36:41.196Z",
        "end": "2024-02-20T15:46:41.196Z"
      },
      "savedQueryId": null,
      "created": 1709809866827,
      "createdBy": "docsuser",
      "updated": 1709809868011,
      "updatedBy": "docsuser",
      "timelineType": "default",
      "status": "active",
      "sort": [
        {
          "columnId": "@timestamp",
          "columnType": "date",
          "esTypes": [
            "date"
          ],
          "sortDirection": "desc"
        }
      ],
      "savedSearchId": null,
      "eventIdToNoteIds": [],
      "noteIds": [],
      "notes": [],
      "pinnedEventIds": [],
      "pinnedEventsSaveObject": []
    }
  ],
  "defaultTimelineCount": 2,
  "templateTimelineCount": 10,
  "elasticTemplateTimelineCount": 10,
  "customTemplateTimelineCount": 0,
  "favoriteCount": 0
}