diff --git a/reference/fleet/fleet-api-docs.md b/reference/fleet/fleet-api-docs.md index e2382999ee..93379ab363 100644 --- a/reference/fleet/fleet-api-docs.md +++ b/reference/fleet/fleet-api-docs.md @@ -1,6 +1,7 @@ --- mapped_pages: - https://www.elastic.co/guide/en/fleet/current/fleet-api-docs.html +description: Send Fleet API requests with the Kibana Console or cURL. Reference examples cover agent policies, integration policies, enrollment tokens, agent listing, KQL filters, and manual rollback. applies_to: stack: ga serverless: ga @@ -11,16 +12,26 @@ products: # Kibana Fleet APIs [fleet-api-docs] -You can find details for all available {{fleet}} API endpoints in the [Kibana API docs]({{kib-apis}}). For {{serverless-full}} projects, check the [Kibana Serverless API docs]({{kib-serverless-apis}}). +This page provides cURL and {{kib}} Console examples for commonly used {{fleet}} APIs, including agent policies, integration policies, enrollment tokens, agent listing, KQL filtering, and agent rollback. -In this section, we provide examples of some commonly used {{fleet}} APIs. +For full endpoint specifications, parameters, and response schemas, refer to the [Kibana API docs]({{kib-apis}}). For {{serverless-full}} projects, use the [Kibana Serverless API docs]({{kib-serverless-apis}}). + + +## Before you begin [fleet-api-before-you-begin] + +You'll need: + +* A running {{kib}} deployment or {{serverless-full}} project with {{fleet}} available +* The {{kib}} host URL for your deployment (for example, `https://my-kibana-host:9243`) +* Authentication credentials for {{kib}} API requests. API key authentication is recommended. For details, refer to [Authentication]({{kib-apis}}authentication). +* A {{kib}} user with the required {{fleet}} and {{integrations}} privileges. For details, refer to [Roles and privileges](/reference/fleet/fleet-roles-privileges.md). ## Using the Console [using-the-console] You can run {{fleet}} API requests through the {{kib}} Console. -1. Open the {{kib}} menu and go to **Management → Dev Tools**. +1. From the {{kib}} menu, go to **Management → Dev Tools**. 2. In your request, prepend your {{fleet}} API endpoint with `kbn:`, for example: ```sh @@ -28,17 +39,12 @@ You can run {{fleet}} API requests through the {{kib}} Console. ``` -For more detail about using the {{kib}} Console refer to [Run API requests](/explore-analyze/query-filter/tools/console.md). - - -## Authentication [authentication] - -Authentication is required to send {{fleet}} API requests. For more information, refer to [Authentication]({{kib-apis}}authentication). +For more details about using the {{kib}} Console, refer to [Run API requests](/explore-analyze/query-filter/tools/console.md). ## Create agent policy [create-agent-policy-api] -To create a new agent policy in {{fleet}}, call `POST /api/fleet/agent_policies`. +To create an agent policy in {{fleet}}, call `POST /api/fleet/agent_policies`. This cURL example creates an agent policy called `Agent policy 1` in the default namespace. @@ -96,7 +102,7 @@ Example response: } ``` -1. Make a note of the policy ID. You’ll need the policy ID to add integration policies. +1. Note the policy ID. You need it to add integration policies. @@ -109,7 +115,7 @@ You can use the {{fleet}} API to [Create and customize an {{elastic-defend}} pol :::: -This cURL example creates an integration policy for Nginx and adds it to the agent policy created in the previous example: +This cURL example creates an integration policy for Nginx and adds it to the agent policy you created in [Create agent policy](#create-agent-policy-api): ```shell curl --request POST \ @@ -414,10 +420,10 @@ Example response (formatted for readability): ## List all {{agents}} [list-agents-api] -Use the [Get agents API]({{kib-apis}}operation/operation-get-fleet-agents) to retrieve a list of currently enrolled {{agents}}: +Use the [Get agents API]({{kib-apis}}operation/operation-get-fleet-agents) to retrieve a list of enrolled {{agents}}: ```shell -curl -X GET 'http://:@/api/fleet/agents +curl -X GET 'http://:@/api/fleet/agents' ``` By default, a maximum of 10,000 agents are returned, with 20 agents listed per page. @@ -461,24 +467,40 @@ curl -X GET 'http://:@/api/fleet/agents?perPage=10000&se ``` +## Filter results with KQL [filter-results-with-kql] + +The {{fleet}} list endpoints for agents, agent policies, package policies, and enrollment tokens accept a `kuery` query parameter that takes a [{{kib}} Query Language (KQL)](elasticsearch://reference/query-languages/kql.md) string to filter results. To check whether another endpoint accepts `kuery`, refer to its parameters in the [Kibana API docs]({{kib-apis}}). + +Reference each field by the saved object type that stores it. {{fleet}} stores package policies as `ingest-package-policies` objects, so to filter package policies by integration name, query the `ingest-package-policies.package.name` field. + +This cURL example returns only the package policies for the `nginx` integration: + +```shell +curl --request GET \ + --url 'https://my-kibana-host:9243/api/fleet/package_policies?kuery=ingest-package-policies.package.name:nginx' \ + --header 'Authorization: ApiKey yourbase64encodedkey' \ + --header 'kbn-xsrf: xx' +``` + +For the full query syntax, including wildcards, ranges, and boolean operators, refer to [{{kib}} Query Language (KQL)](elasticsearch://reference/query-languages/kql.md). + + ## Manually roll back an {{agent}} upgrade [agent-rollback-api] ```{applies_to} stack: ga 9.3+ ``` -The manual rollback feature for {{agent}} gives you the ability to roll back to the previously installed version if the install artifacts are still available on disk--typically seven days after the upgrade. +The manual rollback feature for {{agent}} lets you roll back to the previously installed version if the install artifacts are still available on disk (typically seven days after the upgrade). -To roll back a single agent: - :Call `POST /api/fleet/agents/{agentID}/rollback`. +To roll back a single agent, call `POST /api/fleet/agents/{agentID}/rollback`. -To roll back multiple agents: - :Call `POST /api/fleet/agents/bulk_rollback`. +To roll back multiple agents, call `POST /api/fleet/agents/bulk_rollback`. ### Limitations for manual rollback [rollback-limitations-api] -These limitations apply for the manual rollback feature: +These limitations apply for the manual rollback feature: -* Rollback is limited to the version running _before_ the upgrade. Both the previously and currently running versions must be 9.3.0 or later for this functionality to be available. +* Rollback is limited to the version running _before_ the upgrade. Both the pre-upgrade and post-upgrade versions must be 9.3.0 or later for this functionality to be available. * Data required for the rollback is stored on disk for seven days, which can impact available disk space. * Rollback must be performed within seven days of the upgrade. Rollback data is automatically cleaned up after seven days and becomes unavailable. * Manual rollback is not available for system-managed packages such as DEB and RPM. @@ -489,6 +511,25 @@ These limitations apply for the manual rollback feature: If no version is available on disk to rollback to, you get an error. This situation can happen if: -- the version you upgraded from is earlier than 9.3.0, as the feature is not supported for earlier versions. +- The version you upgraded from is earlier than 9.3.0, as the feature is not supported for earlier versions. + +- The rollback window has ended (typically more than seven days). When the rollback window ends, the files from the previous version are removed to free up disk space. + + +## Next steps [fleet-api-next-steps] + +After you create agent and integration policies with the API: + +* [Enroll {{agents}}](/reference/fleet/fleet-enrollment-tokens.md) using enrollment tokens from your agent policy +* [Manage {{agents}} in {{fleet}}](/reference/fleet/manage-elastic-agents-in-fleet.md) to monitor status and policy assignments +* [Create an agent policy without using the UI](/reference/fleet/create-policy-no-ui.md) for automation use cases + + +## Related pages [fleet-api-related-pages] -- the rollback window has ended (typically more than seven days). When the rollback window ends, the files from the previous version are removed to free up disk space. +* [Kibana API docs]({{kib-apis}}) +* [Run API requests](/explore-analyze/query-filter/tools/console.md) +* [Roles and privileges](/reference/fleet/fleet-roles-privileges.md) +* [Fleet enrollment tokens](/reference/fleet/fleet-enrollment-tokens.md) +* [Grant standalone {{agents}} access to {{es}}](/reference/fleet/grant-access-to-elasticsearch.md) +* [{{kib}} Query Language (KQL)](elasticsearch://reference/query-languages/kql.md)