Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[7.16] [BUG] Example response in "Find Cases by Alert" topic is outdated (backport #1695) #1714

Merged
merged 1 commit into from
Mar 10, 2022
Merged

[7.16] [BUG] Example response in "Find Cases by Alert" topic is outdated (backport #1695) #1714

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 19 additions & 10 deletions docs/cases/api/cases-api/cases-api-find-cases-by-alert.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,33 @@
[[cases-api-find-cases-by-alert]]
=== Find Cases by Alert
=== Find cases by alert

Retrieves all case IDs that have a specific alert attached to the cases.
Uses an alert ID (`alert id`) to retrieve the case IDs of any cases the alert is attached to.

NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests].
TIP: The case ID is identical to the case's saved object ID.

NOTE: The case ID refers to the cases saved object ID field.
NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests].

==== Request URL

`GET <kibana host>:<port>/api/cases/alerts/<alert ID>`
`GET <kibana host>:<port>/api/cases/alerts/<alert id>`

===== URL parts

The URL must include the `alert ID` of the alert that you are interested in find the associated cases it is attached to.
The URL must include the alert ID, which is used to retrieve any cases the alert is attached to.

===== URL query parameters

[width="100%",options="header"]
|==============================================
|Name |Type |Description |Required

|`owner` |String or String[] |A filter to limit the retrieved case IDs to a specific set of applications. If this parameter is omitted, the response will contain all case IDs that the user has access to read. |No
|`owner` |String or String[] |A filter to limit the retrieved case IDs to a specific set of applications. If you omit this parameter, the response will contain every case ID that the user has `read` access to. |No

|==============================================

===== Example request

Returns all case IDs with the alert `293f1bc0-74f6-11ea-b83a-553aecdb28b6` attached to them:
Returns case IDs with the alert ID `293f1bc0-74f6-11ea-b83a-553aecdb28b6` attached to them:

[source,sh]
--------------------------------------------------
Expand All @@ -42,11 +42,20 @@ GET api/cases/alerts/293f1bc0-74f6-11ea-b83a-553aecdb28b6

==== Response payload

A JSON array listing the retrieved case IDs.
A JSON array containing any case IDs associated with the specified alert. Case titles are also retrieved.

===== Example response

[source,json]
--------------------------------------------------
["8af6ac20-74f6-11ea-b83a-553aecdb28b6", "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2"]
[
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"title": "Test 1"
},
{
"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
"title": "Test 2"
}
]
--------------------------------------------------