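Update timeline or timeline template
Updates an existing timeline or timeline template.
Use the timelineType field of the timeline object to specify whether you are updating a timeline or a timeline template:
- "timelineType": "default" updates an existing timeline.
- "timelineType": "template" updates an existing timeline template.
Request URL
PATCH <kibana host>:<port>/api/timeline
Request body
A JSON object that defines the query and time filters of the timeline or timeline template.
For details about the timeline object schema and its corresponding UI components, see Timeline schema.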
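Name | Type | Description | Required |
---|---|---|---|
timeline | Object | The timeline object of the timeline or timeline template that you are updating. If you are updating a timeline template, provide the templateTimelineId and templateTimelineVersion fields so that you can easily import template updates. | Yes |
timelineId | String | The savedObjectId of the timeline or timeline template that you are updating. | Yes |
version | String | The version of the timeline or timeline template that you are updating. | Yes |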
Example requests
Example 1
Updates an existing timeline.
```
PATCH api/timeline
{
  "timeline": {
    "columns": [
      { "columnHeaderType": "not-filtered", "id": "@timestamp" },
      { "columnHeaderType": "not-filtered", "id": "message" },
      { "columnHeaderType": "not-filtered", "id": "event.category" },
      { "columnHeaderType": "not-filtered", "id": "event.action" },
      { "columnHeaderType": "not-filtered", "id": "host.name" },
      { "columnHeaderType": "not-filtered", "id": "source.ip" },
      { "columnHeaderType": "not-filtered", "id": "destination.ip" },
      { "columnHeaderType": "not-filtered", "id": "user.name" }
    ],
    "dataProviders": [],
    "description": "",
    "eventType": "all",
    "filters": [],
    "kqlMode": "filter",
    "kqlQuery": { "filterQuery": null },
    "title": "abd",
    "dateRange": { "start": 1587370079200, "end": 1587456479201 },
    "savedQueryId": null,
    "sort": { "columnId": "@timestamp", "sortDirection": "desc" },
    "created": 1587468588922,
    "createdBy": "casetester",
    "updated": 1587468588922,
    "updatedBy": "casetester",
    "timelineType": "default"
  },
  "timelineId": "4bc294e0-3516-11ee-9f62-49614d8a84fd",
  "version": "WzE5MTUsMV0="
}
```
Example 2
Updates an existing timeline template.
```
PATCH api/timeline
{
  "timeline": {
    "columns": [
      { "columnHeaderType": "not-filtered", "id": "@timestamp" },
      { "columnHeaderType": "not-filtered", "id": "message" },
      { "columnHeaderType": "not-filtered", "id": "event.category" },
      { "columnHeaderType": "not-filtered", "id": "event.action" },
      { "columnHeaderType": "not-filtered", "id": "host.name" },
      { "columnHeaderType": "not-filtered", "id": "source.ip" },
      { "columnHeaderType": "not-filtered", "id": "destination.ip" },
      { "columnHeaderType": "not-filtered", "id": "user.name" }
    ],
    "dataProviders": [],
    "description": "",
    "eventType": "all",
    "filters": [],
    "kqlMode": "filter",
    "kqlQuery": { "filterQuery": null },
    "title": "abd",
    "dateRange": { "start": 1587370079200, "end": 1587456479201 },
    "savedQueryId": null,
    "sort": { "columnId": "@timestamp", "sortDirection": "desc" },
    "timelineType": "template",
    "created": 1587473119992,
    "createdBy": "casetester",
    "updated": 1587473119992,
    "updatedBy": "casetester",
    "templateTimelineId": "6f9a3480-bf4f-11ea-9fcd-ed4e5fd0dcd1",
    "templateTimelineVersion": 2
  },
  "timelineId": "7d7d4b60-3516-11ee-9f62-49614d8a84fd",
  "version": "WzE5MTcsMV0="
}
```
Response code
200
- Indicates a successful call.
Response payload
A JSON timeline object with a unique savedObjectId and its version.
Example 1
Response payload for the updated timeline
```json
{
  "data": {
    "persistTimeline": {
      "code": 200,
      "message": "success",
      "timeline": {
        "savedObjectId": "4bc294e0-3516-11ee-9f62-49614d8a84fd",
        "version": "WzE5MTgsMV0=",
        "columns": [
          { "columnHeaderType": "not-filtered", "id": "@timestamp" },
          { "columnHeaderType": "not-filtered", "id": "message" },
          { "columnHeaderType": "not-filtered", "id": "event.category" },
          { "columnHeaderType": "not-filtered", "id": "event.action" },
          { "columnHeaderType": "not-filtered", "id": "host.name" },
          { "columnHeaderType": "not-filtered", "id": "source.ip" },
          { "columnHeaderType": "not-filtered", "id": "destination.ip" },
          { "columnHeaderType": "not-filtered", "id": "user.name" }
        ],
        "dataProviders": [],
        "dataViewId": null,
        "description": "",
        "eventType": "all",
        "excludedRowRendererIds": [],
        "favorite": [],
        "filters": [],
        "kqlMode": "filter",
        "kqlQuery": { "filterQuery": null },
        "title": "abd",
        "templateTimelineId": null,
        "templateTimelineVersion": null,
        "dateRange": { "start": 1587370079200, "end": 1587456479201 },
        "savedQueryId": null,
        "created": 1587468588922,
        "createdBy": "casetester",
        "updated": 1691408201273,
        "updatedBy": "elastic",
        "timelineType": "default",
        "status": "active",
        "sort": [ { "sortDirection": "desc", "columnId": "@timestamp" } ],
        "eventIdToNoteIds": [],
        "noteIds": [],
        "notes": [],
        "pinnedEventIds": [],
        "pinnedEventsSaveObject": []
      }
    }
  }
}
```
Example 2
Response payload for the updated timeline template
```json
{
  "data": {
    "persistTimeline": {
      "code": 200,
      "message": "success",
      "timeline": {
        "savedObjectId": "7d7d4b60-3516-11ee-9f62-49614d8a84fd",
        "version": "WzE5MTksMV0=",
        "columns": [
          { "columnHeaderType": "not-filtered", "id": "@timestamp" },
          { "columnHeaderType": "not-filtered", "id": "message" },
          { "columnHeaderType": "not-filtered", "id": "event.category" },
          { "columnHeaderType": "not-filtered", "id": "event.action" },
          { "columnHeaderType": "not-filtered", "id": "host.name" },
          { "columnHeaderType": "not-filtered", "id": "source.ip" },
          { "columnHeaderType": "not-filtered", "id": "destination.ip" },
          { "columnHeaderType": "not-filtered", "id": "user.name" }
        ],
        "dataProviders": [],
        "dataViewId": null,
        "description": "",
        "eventType": "all",
        "excludedRowRendererIds": [],
        "favorite": [],
        "filters": [],
        "kqlMode": "filter",
        "kqlQuery": { "filterQuery": null },
        "title": "abd",
        "templateTimelineId": "6f9a3480-bf4f-11ea-9fcd-ed4e5fd0dcd1",
        "templateTimelineVersion": 2,
        "dateRange": { "start": 1587370079200, "end": 1587456479201 },
        "savedQueryId": null,
        "created": 1587473119992,
        "createdBy": "casetester",
        "updated": 1691408702104,
        "updatedBy": "elastic",
        "timelineType": "template",
        "status": "active",
        "sort": [ { "sortDirection": "desc", "columnId": "@timestamp" } ],
        "eventIdToNoteIds": [],
        "noteIds": [],
        "notes": [],
        "pinnedEventIds": [],
        "pinnedEventsSaveObject": []
      }
    }
  }
}
```
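The following is an added example, not code from the Kibana project or from this page. It shows how the timeline object of a previous response maps onto the next PATCH body: savedObjectId is sent back as timelineId, the returned version is echoed as version, and the timelineType rules above are checked before anything is sent. The names build_update_body, REQUEST_KEYS and TEMPLATE_KEYS are hypothetical, and the allowed key set is an assumption taken from the request examples on this page.

```python
import copy

# Keys that appear inside "timeline" in this page's request examples.
# Assumption: the authoritative list is the Timeline schema the page links to.
REQUEST_KEYS = {
    "columns", "dataProviders", "description", "eventType", "filters",
    "kqlMode", "kqlQuery", "title", "dateRange", "savedQueryId", "sort",
    "created", "createdBy", "updated", "updatedBy", "timelineType",
    "templateTimelineId", "templateTimelineVersion",
}
TEMPLATE_KEYS = ("templateTimelineId", "templateTimelineVersion")


def build_update_body(persisted, changes):
    """Build a PATCH /api/timeline body from a previous response's timeline."""
    for key in ("savedObjectId", "version"):
        if not persisted.get(key):
            raise ValueError(f"previous response has no {key}")
    unknown = set(changes) - REQUEST_KEYS
    if unknown:
        raise ValueError(f"unexpected timeline fields: {sorted(unknown)}")

    # Drop response-only keys (savedObjectId, version, status, notes, ...).
    timeline = {k: copy.deepcopy(v) for k, v in persisted.items() if k in REQUEST_KEYS}
    timeline.update(changes)

    kind = timeline.get("timelineType")
    if kind not in ("default", "template"):
        raise ValueError(f"timelineType must be 'default' or 'template', got {kind!r}")
    if kind == "template":
        missing = [k for k in TEMPLATE_KEYS if timeline.get(k) is None]
        if missing:
            raise ValueError(f"template update is missing {missing}")
    else:
        for k in TEMPLATE_KEYS:
            timeline.pop(k, None)  # null in responses for ordinary timelines

    return {
        "timeline": timeline,
        "timelineId": persisted["savedObjectId"],  # same value, different name
        "version": persisted["version"],           # echo the latest token back
    }


# Constructed sample: abbreviated from this page's Example 1 response payload.
SAMPLE = {
    "savedObjectId": "4bc294e0-3516-11ee-9f62-49614d8a84fd",
    "version": "WzE5MTgsMV0=", "title": "abd", "timelineType": "default",
    "templateTimelineId": None, "templateTimelineVersion": None,
    "status": "active", "notes": [],
}
BODY = build_update_body(SAMPLE, {"title": "abd (reviewed)"})
```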