通过 savedObjectId 获取时间线或时间线模板


通过 savedObjectId 获取时间线或时间线模板

使用 savedObjectId 获取单个时间线或时间线模板的详细信息。

请求 URL

GET <kibana 主机>:<端口>/api/timeline?id=<savedObjectId>

URL 查询参数

| 名称 | 类型 | 描述 | 必需 |
| --- | --- | --- | --- |
| id | 字符串 | 现有时间线或时间线模板的 savedObjectId | |

示例请求

检索 savedObjectId 值为 9115e3bc-444c-4c91-b844-c62717253c4e 的时间线模板的详细信息。

GET /api/timeline?id=9115e3bc-444c-4c91-b844-c62717253c4e

响应代码

200
表示调用成功。

示例响应

{
  "data": {
    "getOneTimeline": {
      "savedObjectId": "9115e3bc-444c-4c91-b844-c62717253c4e",
      "version": "WzQwMjYsMV0=",
      "columns": [
        {
          "columnHeaderType": "not-filtered",
          "id": "@timestamp",
          "type": "date"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "signal.rule.name"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "message"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "event.category"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "event.action"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "host.name"
        },
        {
          "columnHeaderType": "not-filtered",
          "id": "user.name"
        }
      ],
      "dataProviders": [
        {
          "excluded": false,
          "and": [
            {
              "excluded": false,
              "kqlQuery": "",
              "name": "user.name",
              "queryMatch": {
                "displayValue": "{user.name}",
                "field": "user.name",
                "displayField": "user.name",
                "value": "{user.name}",
                "operator": ":"
              },
              "id": "timeline-1-6a1ffe5f-6188-4cf3-915d-e53c2563a1bf",
              "type": "template",
              "enabled": true
            }
          ],
          "kqlQuery": "",
          "name": "signal",
          "queryMatch": {
            "field": "event.kind",
            "value": "signal",
            "operator": ":"
          },
          "id": "timeline-1-ac9b7ab7-0fea-4724-864c-19122139b08f",
          "type": "default",
          "enabled": true
        }
      ],
      "dataViewId": null,
      "description": "",
      "eventType": "all",
      "excludedRowRendererIds": [],
      "favorite": [],
      "filters": [],
      "indexNames": [
        ".alerts-*"
      ],
      "kqlMode": "filter",
      "title": "Alerts Involving a Single User Timeline",
      "templateTimelineId": "3e827bab-838a-469f-bd1e-5e19a2bff2fd",
      "templateTimelineVersion": 1,
      "dateRange": {
        "start": "2024-02-19T15:42:52.325Z",
        "end": "2024-02-20T15:42:52.325Z"
      },
      "savedQueryId": null,
      "created": 1708443772325,
      "createdBy": "Elastic",
      "updated": 1708443772325,
      "updatedBy": "Elastic",
      "timelineType": "template",
      "status": "immutable",
      "sort": [
        {
          "esTypes": [
            "date"
          ],
          "columnType": "date",
          "sortDirection": "desc",
          "columnId": "@timestamp"
        }
      ],
      "eventIdToNoteIds": [],
      "noteIds": [],
      "notes": [],
      "pinnedEventIds": [],
      "pinnedEventsSaveObject": []
    }
  }
}