获取时间线或时间线模板
获取时间线或时间线模板
检索所有时间线或时间线模板的列表。
请求 URL
GET <kibana 主机>:<端口>/api/timelines
URL 查询参数
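| 名称 | 类型 | 描述 | 必填 |
|---|---|---|---|
| `only_user_favorite` | 布尔值 | 如果设置为 `true`，则仅返回用户标记为收藏的时间线。 | 否 |
| `page_index` | 数字 | 要返回的页码。（默认值在本页文本中缺失。） | 否 |
| `page_size` | 数字 | 每页要返回的项目数。（默认值在本页文本中缺失。） | 否 |
| `search` | 字符串 | 时间线/时间线模板标题或描述中用于筛选结果的关键字。 | 否 |
| `sort_field` | 字符串 | 用于排序结果的字段。有效值为 `title`、`description`、`updated` 和 `created`。 | 否 |
| `sort_order` | 字符串 | 排序结果的顺序。有效值为 `asc` 和 `desc`。 | 否 |
| `status` | 字符串 | 定义是返回自定义时间线/时间线模板还是 Elastic 预构建模板。有效值为 `active`、`draft` 和 `immutable`。 | 否 |
| `timeline_type` | 字符串 | 定义是返回时间线还是时间线模板。有效值为 `default` 和 `template`。 | 否 |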
示例请求
检索所有时间线的列表，按 `updated` 字段降序排序：
GET api/timelines?page_size=10&page_index=1&sort_field=updated&sort_order=desc&timeline_type=default
响应代码
- `200`：表示调用成功。
示例响应
```json
{
  "totalCount": 2,
  "timeline": [
    {
      "savedObjectId": "a3f145ed-262f-488d-b550-334fb16fc4d5",
      "version": "WzEyMTQzLDFd",
      "columns": [
        { "columnHeaderType": "not-filtered", "id": "@timestamp", "type": "date" },
        { "columnHeaderType": "not-filtered", "id": "message" },
        { "columnHeaderType": "not-filtered", "id": "event.category" },
        { "columnHeaderType": "not-filtered", "id": "event.action" },
        { "columnHeaderType": "not-filtered", "id": "host.name" },
        { "columnHeaderType": "not-filtered", "id": "source.ip" },
        { "columnHeaderType": "not-filtered", "id": "destination.ip" },
        { "columnHeaderType": "not-filtered", "id": "user.name" }
      ],
      "dataProviders": [],
      "dataViewId": "security-solution-default",
      "description": "",
      "eqlOptions": {
        "eventCategoryField": "event.category",
        "tiebreakerField": "",
        "timestampField": "@timestamp",
        "query": "",
        "size": 100
      },
      "eventType": "all",
      "excludedRowRendererIds": [],
      "favorite": [],
      "filters": [],
      "indexNames": [
        ".alerts-security.alerts-default",
        "logs-*"
      ],
      "kqlMode": "filter",
      "kqlQuery": { "filterQuery": null },
      "title": "Another timeline",
      "templateTimelineId": null,
      "templateTimelineVersion": null,
      "dateRange": {
        "start": "2023-12-08T00:00:00.000Z",
        "end": "2024-03-07T11:10:21.475Z"
      },
      "savedQueryId": null,
      "created": 1709810442736,
      "createdBy": "docsuser",
      "updated": 1709810443384,
      "updatedBy": "docsuser",
      "timelineType": "default",
      "status": "active",
      "sort": [
        {
          "columnId": "@timestamp",
          "columnType": "date",
          "esTypes": [ "date" ],
          "sortDirection": "desc"
        }
      ],
      "savedSearchId": null,
      "eventIdToNoteIds": [],
      "noteIds": [],
      "notes": [],
      "pinnedEventIds": [],
      "pinnedEventsSaveObject": []
    },
    {
      "savedObjectId": "cbe6c180-7ef9-414b-b362-748ff7d96b1b",
      "version": "WzEyMTQxLDFd",
      "columns": [
        { "columnHeaderType": "not-filtered", "id": "@timestamp", "type": "date" },
        { "columnHeaderType": "not-filtered", "id": "message" },
        { "columnHeaderType": "not-filtered", "id": "event.category" },
        { "columnHeaderType": "not-filtered", "id": "event.action" },
        { "columnHeaderType": "not-filtered", "id": "host.name" },
        { "columnHeaderType": "not-filtered", "id": "source.ip" },
        { "columnHeaderType": "not-filtered", "id": "destination.ip" },
        { "columnHeaderType": "not-filtered", "id": "user.name" }
      ],
      "dataProviders": [
        {
          "and": [],
          "id": "send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-timeline-1-alert-id-493f15b2301c94720720fb670a22092f1cc3fd42b0600c6f179f714b1a5b2584",
          "name": "493f15b2301c94720720fb670a22092f1cc3fd42b0600c6f179f714b1a5b2584",
          "enabled": true,
          "excluded": false,
          "kqlQuery": "",
          "queryMatch": {
            "field": "_id",
            "value": "493f15b2301c94720720fb670a22092f1cc3fd42b0600c6f179f714b1a5b2584",
            "operator": ":"
          }
        }
      ],
      "dataViewId": null,
      "description": "",
      "eqlOptions": {
        "eventCategoryField": "event.category",
        "tiebreakerField": "",
        "timestampField": "@timestamp",
        "query": "",
        "size": 100
      },
      "eventType": "all",
      "excludedRowRendererIds": [],
      "favorite": [],
      "filters": [],
      "indexNames": [],
      "kqlMode": "filter",
      "kqlQuery": {
        "filterQuery": {
          "kuery": { "kind": "kuery", "expression": "" },
          "serializedQuery": ""
        }
      },
      "title": "Test timeline",
      "templateTimelineId": null,
      "templateTimelineVersion": null,
      "dateRange": {
        "start": "2024-02-20T15:36:41.196Z",
        "end": "2024-02-20T15:46:41.196Z"
      },
      "savedQueryId": null,
      "created": 1709809866827,
      "createdBy": "docsuser",
      "updated": 1709809868011,
      "updatedBy": "docsuser",
      "timelineType": "default",
      "status": "active",
      "sort": [
        {
          "columnId": "@timestamp",
          "columnType": "date",
          "esTypes": [ "date" ],
          "sortDirection": "desc"
        }
      ],
      "savedSearchId": null,
      "eventIdToNoteIds": [],
      "noteIds": [],
      "notes": [],
      "pinnedEventIds": [],
      "pinnedEventsSaveObject": []
    }
  ],
  "defaultTimelineCount": 2,
  "templateTimelineCount": 10,
  "elasticTemplateTimelineCount": 10,
  "customTemplateTimelineCount": 0,
  "favoriteCount": 0
}
```