更新时间线或时间线模板


更新现有时间线或时间线模板。

使用 timeline 对象的 timelineType 字段指定您正在更新的是时间线还是时间线模板：

  • "timelineType": "default" 更新现有时间线。
  • "timelineType": "template" 更新现有时间线模板。

请求 URL


PATCH <kibana 主机>:<端口>/api/timeline

请求正文


定义时间线或时间线模板查询和时间过滤器的 JSON 对象。

有关时间线对象架构及其相应的 UI 组件的详细信息，请参阅时间线架构。

名称 类型 描述 必填

timeline

timeline

您正在更新的时间线或时间线模板的 timeline 对象。

如果您正在更新时间线模板，请提供以下字段，以便轻松导入模板更新：

  • templateTimelineId:使用您正在更新的时间线模板的唯一标识符 (UUID)。
  • templateTimelineVersion:为模板指定一个新的版本号。它必须大于现有版本号。

timelineId

字符串

您正在更新的时间线或时间线模板的 savedObjectId。

version

字符串

您正在更新的时间线或时间线模板的版本。

示例请求


示例 1

更新现有时间线。

PATCH api/timeline
{
  "timeline": {
    "columns": [
      {
        "columnHeaderType": "not-filtered",
        "id": "@timestamp"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "message"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "event.category"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "event.action"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "host.name"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "source.ip"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "destination.ip"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "user.name"
      }
    ],
    "dataProviders": [],
    "description": "",
    "eventType": "all",
    "filters": [],
    "kqlMode": "filter",
    "kqlQuery": {
      "filterQuery": null
    },
    "title": "abd",
    "dateRange": {
      "start": 1587370079200,
      "end": 1587456479201
    },
    "savedQueryId": null,
    "sort": {
      "columnId": "@timestamp",
      "sortDirection": "desc"
    },
    "created": 1587468588922,
    "createdBy": "casetester",
    "updated": 1587468588922,
    "updatedBy": "casetester",
    "timelineType": "default"
  },
  "timelineId": "4bc294e0-3516-11ee-9f62-49614d8a84fd", 
  "version": "WzE5MTUsMV0=" 
}

timelineId 必须与您正在更新的时间线的 savedObjectId 相匹配。

version 必须与您正在更新的时间线的 version 相匹配。如下方示例响应所示，更新成功后会返回新的 version 值，后续更新应使用该新值。

示例 2

更新现有时间线模板。

PATCH api/timeline
{
  "timeline": {
    "columns": [
      {
        "columnHeaderType": "not-filtered",
        "id": "@timestamp"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "message"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "event.category"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "event.action"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "host.name"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "source.ip"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "destination.ip"
      },
      {
        "columnHeaderType": "not-filtered",
        "id": "user.name"
      }
    ],
    "dataProviders": [],
    "description": "",
    "eventType": "all",
    "filters": [],
    "kqlMode": "filter",
    "kqlQuery": {
      "filterQuery": null
    },
    "title": "abd",
    "dateRange": {
      "start": 1587370079200,
      "end": 1587456479201
    },
    "savedQueryId": null,
    "sort": {
      "columnId": "@timestamp",
      "sortDirection": "desc"
    },
    "timelineType": "template",
    "created": 1587473119992,
    "createdBy": "casetester",
    "updated": 1587473119992,
    "updatedBy": "casetester",
    "templateTimelineId": "6f9a3480-bf4f-11ea-9fcd-ed4e5fd0dcd1", 
    "templateTimelineVersion": 2 
  },
  "timelineId": "7d7d4b60-3516-11ee-9f62-49614d8a84fd", 
  "version": "WzE5MTcsMV0=" 
}

templateTimelineId 必须与您正在更新的时间线模板的 templateTimelineId 相匹配。

templateTimelineVersion 必须大于该时间线模板现有的版本号。

timelineId 必须与您正在更新的时间线模板的 savedObjectId 相匹配。

version 必须与您正在更新的时间线模板的 version 相匹配。

响应代码

200
表示调用成功。

响应有效负载


具有唯一 savedObjectId 及其 version 的 JSON 时间线对象。

示例 1

已更新时间线的响应有效负载。请注意，示例响应中的 updated 和 updatedBy 与请求正文中提交的值不同；这些审计字段似乎由服务器端设置，而非取自请求。

{
  "data": {
    "persistTimeline": {
      "code": 200,
      "message": "success",
      "timeline": {
        "savedObjectId": "4bc294e0-3516-11ee-9f62-49614d8a84fd",
        "version": "WzE5MTgsMV0=",
        "columns": [
          {
            "columnHeaderType": "not-filtered",
            "id": "@timestamp"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "message"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "event.category"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "event.action"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "host.name"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "source.ip"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "destination.ip"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "user.name"
          }
        ],
        "dataProviders": [],
        "dataViewId": null,
        "description": "",
        "eventType": "all",
        "excludedRowRendererIds": [],
        "favorite": [],
        "filters": [],
        "kqlMode": "filter",
        "kqlQuery": {
          "filterQuery": null
        },
        "title": "abd",
        "templateTimelineId": null,
        "templateTimelineVersion": null,
        "dateRange": {
          "start": 1587370079200,
          "end": 1587456479201
        },
        "savedQueryId": null,
        "created": 1587468588922,
        "createdBy": "casetester",
        "updated": 1691408201273,
        "updatedBy": "elastic",
        "timelineType": "default",
        "status": "active",
        "sort": [
          {
            "sortDirection": "desc",
            "columnId": "@timestamp"
          }
        ],
        "eventIdToNoteIds": [],
        "noteIds": [],
        "notes": [],
        "pinnedEventIds": [],
        "pinnedEventsSaveObject": []
      }
    }
  }
}

示例 2

已更新时间线模板的响应有效负载

{
  "data": {
    "persistTimeline": {
      "code": 200,
      "message": "success",
      "timeline": {
        "savedObjectId": "7d7d4b60-3516-11ee-9f62-49614d8a84fd",
        "version": "WzE5MTksMV0=",
        "columns": [
          {
            "columnHeaderType": "not-filtered",
            "id": "@timestamp"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "message"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "event.category"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "event.action"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "host.name"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "source.ip"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "destination.ip"
          },
          {
            "columnHeaderType": "not-filtered",
            "id": "user.name"
          }
        ],
        "dataProviders": [],
        "dataViewId": null,
        "description": "",
        "eventType": "all",
        "excludedRowRendererIds": [],
        "favorite": [],
        "filters": [],
        "kqlMode": "filter",
        "kqlQuery": {
          "filterQuery": null
        },
        "title": "abd",
        "templateTimelineId": "6f9a3480-bf4f-11ea-9fcd-ed4e5fd0dcd1",
        "templateTimelineVersion": 2,
        "dateRange": {
          "start": 1587370079200,
          "end": 1587456479201
        },
        "savedQueryId": null,
        "created": 1587473119992,
        "createdBy": "casetester",
        "updated": 1691408702104,
        "updatedBy": "elastic",
        "timelineType": "template",
        "status": "active",
        "sort": [
          {
            "sortDirection": "desc",
            "columnId": "@timestamp"
          }
        ],
        "eventIdToNoteIds": [],
        "noteIds": [],
        "notes": [],
        "pinnedEventIds": [],
        "pinnedEventsSaveObject": []
      }
    }
  }
}