search_cases
Search Cases
Search and list Kibana cases for incident tracking. Cases can be associated with alerts, have comments and attachments, and can be synced with external case management systems.
search_cases
Search and list Kibana cases for incident tracking. Cases can be associated with alerts, have comments and attachments, and can be synced with external case management systems.
list_connectors
List all connectors configured in Kibana. Connectors integrate with external services like email, Slack, PagerDuty, webhook, Jira, ServiceNow, Microsoft Teams, and more.
list_roles
List all security roles configured in Kibana. Roles define Elasticsearch and Kibana feature privileges.
export_saved_objects
Export Kibana saved objects in NDJSON format for backup or migration between environments. Specify either object types to export all objects of those types, or provide specific object IDs to export selectively.
list_data_views
List all data views (index patterns) configured in Kibana. Data views define which Elasticsearch indices Kibana queries.
manage_agent_policy
Create, get, update, or delete a Fleet agent policy. Agent policies define agent behavior, integrations, and monitoring configuration.
execute_connector
Test or execute a Kibana connector with specific parameters. Useful for testing connector configuration or sending one-off notifications.
get_kibana_status
Get the current status of the Kibana instance, including overall health, version, and plugin status.
add_case_comment
Add a comment or alert attachment to an existing Kibana case.
get_enrollment_tokens
Get Fleet enrollment API keys used to enroll new Elastic Agents.
manage_case
Create, get, update, or delete a Kibana case. Cases are used for incident tracking and can be associated with alerts and synced with external case management systems.
manage_data_view
Create, get, update, or delete a Kibana data view (index pattern). Data views define which Elasticsearch indices Kibana queries. Supports configuring runtime fields, time fields, field formats, and source filters.
manage_connector
Create, get, update, or delete a Kibana connector. Connectors integrate with external services for rule-triggered notifications. Supported types include email, Slack, PagerDuty, webhook, Jira, ServiceNow, Microsoft Teams, Opsgenie, and more.
manage_saved_object
Get, create, update, or delete a Kibana saved object. Supports dashboards, visualizations, maps, data views, Canvas workpads, and other saved object types. Provide the action to perform along with the object type and ID.
list_spaces
List all Kibana spaces. Spaces organize dashboards and other saved objects into meaningful categories.
manage_slo
Create, get, update, or delete a Kibana Service Level Objective (SLO). Supports KQL, metric custom, and histogram indicator types with occurrences or timeslices budgeting methods.
search_rules
Search and list Kibana alerting rules. Rules monitor conditions and trigger actions when thresholds are met. Supports filtering by search terms and KQL filters.
list_agent_policies
List Fleet agent policies in Kibana. Agent policies define what data agents collect and which integrations they run.
list_fleet_agents
List Elastic Agents managed by Fleet. Shows agent status, policy assignment, version, and host information.
manage_role
Create, get, update, or delete a Kibana security role. Roles define Elasticsearch cluster/index privileges and Kibana feature privileges per space.
search_saved_objects
Search and list Kibana saved objects such as dashboards, visualizations, maps, data views, Canvas workpads, and other saved objects. Use this to find specific objects by type and search term, or to browse all objects of a given type.
manage_space
Create, get, update, or delete a Kibana space. Spaces enable organizing dashboards and other saved objects into meaningful categories. Rules and connectors are isolated to the space in which they were created.
manage_rule
Create, get, update, delete, enable, disable, or mute/unmute a Kibana alerting rule. Rules monitor conditions and trigger actions via connectors when thresholds are met. Supports Elasticsearch query, index threshold, metric threshold, log threshold, and more.
search_slos
Search and list Kibana Service Level Objectives (SLOs). SLOs define reliability targets for services and can use various indicator types.
list_package_policies
List Fleet package policies in Kibana. Package policies attach Elastic integrations, such as Nginx or System, to Fleet agent policies.
manage_default_data_view
Get, set, or unset the default Kibana data view for the current space. The default data view is used when no specific data view is selected.
list_rule_types
List Kibana alerting rule types available to the authenticated user. Use this before creating rules to discover ruleTypeId values, action groups, required license level, and authorized consumers.
list_connector_types
List Kibana connector types available for rules and cases, including license and feature availability. Use this before creating connectors to discover connectorTypeId values and supported features.
manage_rule_snooze
Schedule or delete a Kibana alerting rule snooze schedule. Snooze schedules temporarily suppress rule notifications during maintenance windows or planned downtime.
manage_package_policy
Get, create, update, or delete a Fleet package policy. Package policies attach Elastic integration packages to Fleet agent policies. Provide packagePolicy as the raw Kibana package policy request body for create and update.
Manage Kibana resources and the Elastic Stack visualization layer programmatically. Create, import, export, and organize saved objects such as dashboards, visualizations, and data views across spaces. Configure alerting rules with threshold, query, and metric conditions, and connect them to actions via connectors (email, Slack, PagerDuty, webhook, Jira, ServiceNow, and more). Manage data views (index patterns) that define which Elasticsearch indices Kibana queries. Create and organize spaces to separate dashboards and objects into meaningful categories. Track incidents with cases, define and monitor Service Level Objectives (SLOs), manage Fleet agent policies and enrollments, configure security detection rules for SIEM, and control role-based access with Kibana feature privileges.
Common questions about connecting Kibana to AI agents with Metorial.