kibana-streams
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseKibana Streams
Kibana Streams
Read stream metadata, settings, queries, significant events, and attachments, and manage stream lifecycle (enable,
disable, resync) via the Kibana Streams REST API. Streams are an experimental way to manage data in Kibana — expect API
and behavior changes. This skill covers read operations and lifecycle only; create, update, delete, fork, and
other mutating operations may be added in a later version.
For detailed endpoints and parameters, see references/streams-api-reference.md.
通过Kibana Streams REST API读取流的元数据、设置、查询语句、重要事件和关联资源,并管理流的生命周期(启用、禁用、重新同步)。Streams是Kibana中一种实验性的数据管理方式——API和行为可能会发生变化。本技能仅涵盖读取操作和生命周期管理;创建、更新、删除、分支及其他变更操作可能会在后续版本中添加。
有关详细的端点和参数,请参阅references/streams-api-reference.md。
When to use
适用场景
- Listing all streams or getting a single stream's definition and metadata
- Reading a stream's ingest or query settings
- Listing a stream's queries
- Reading significant events for a stream
- Listing attachments (dashboards, rules, SLOs) linked to a stream
- Enabling, disabling, or resyncing streams
- 列出所有流或获取单个流的定义和元数据
- 读取流的摄入或查询设置
- 列出流的查询语句
- 读取流的重要事件
- 列出与流关联的资源(仪表板、规则、SLO)
- 启用、禁用或重新同步流
Prerequisites
前提条件
| Item | Description |
|---|---|
| Kibana URL | Kibana endpoint (e.g. |
| Authentication | API key or basic auth (see the elasticsearch-authn skill) |
| Privileges | |
Use the space-scoped path when operating in a non-default space.
/s/{space_id}/api/streams| 项 | 说明 |
|---|---|
| Kibana URL | Kibana端点(例如 |
| Authentication | API密钥或基础认证(请参阅elasticsearch-authn技能) |
| Privileges | 读取操作需要 |
在非默认空间操作时,请使用空间作用域路径 。
/s/{space_id}/api/streamsAPI base and headers
API基础路径和请求头
- Base path: or
GETtoPOST(or<kibana_url>/api/streamsfor a space)./s/<space_id>/api/streams - Read operations: Typically do not require extra headers; follow the official API docs for each endpoint.
- Lifecycle operations: ,
POST /api/streams/_disable, and_enableare mutating — send_resync(or equivalent) as required by your Kibana version.kbn-xsrf: true
- 基础路径:向 (或空间路径
<kibana_url>/api/streams)发送/s/<space_id>/api/streams或GET请求。POST - 读取操作:通常不需要额外请求头;请遵循每个端点的官方API文档。
- 生命周期操作:、
POST /api/streams/_disable和_enable属于变更操作——根据你的Kibana版本,需要发送_resync(或等效头信息)。kbn-xsrf: true
Operations (read + lifecycle)
操作(读取 + 生命周期管理)
Read
读取
| Operation | Method | Path |
|---|---|---|
| Get stream list | GET | |
| Get a stream | GET | |
| Get ingest stream settings | GET | |
| Get query stream settings | GET | |
| Get stream queries | GET | |
| Read significant events | GET | |
| Get stream attachments | GET | |
| 操作 | 方法 | 路径 |
|---|---|---|
| 列出所有流 | GET | |
| 获取单个流 | GET | |
| 获取流的摄入设置 | GET | |
| 获取流的查询设置 | GET | |
| 列出流的查询语句 | GET | |
| 读取重要事件 | GET | |
| 获取流的关联资源 | GET | |
Lifecycle
生命周期管理
| Operation | Method | Path |
|---|---|---|
| Disable streams | POST | |
| Enable streams | POST | |
| Resync streams | POST | |
Path parameters: and are the stream identifier (same value; the API docs use both names).
{name}{streamName}| 操作 | 方法 | 路径 |
|---|---|---|
| 禁用流 | POST | |
| 启用流 | POST | |
| 重新同步流 | POST | |
路径参数:和均为流的标识符(值相同;API文档中使用了这两个不同的名称)。
{name}{streamName}Lifecycle and retention (ingest settings)
生命周期与数据保留(摄入设置)
Ingest settings () expose two separate lifecycle areas:
GET /api/streams/{name}/_ingest- Stream lifecycle () — Controls how long the stream's data is retained. Use
ingest.lifecycle(e.g.lifecycle.dsl.data_retention) for explicit retention, or"30d"for child streams. This is what users usually mean when they ask to "set retention", "update retention", or "change the stream's retention".lifecycle.inherit - Failure store lifecycle () — Controls retention of failed documents only (documents that did not process successfully). Users rarely need to change this unless they explicitly mention the failure store or failed-document retention.
ingest.failure_store.lifecycle
When a user asks to set or update retention, target the stream's main lifecycle (),
not the failure store, unless they specifically ask about failure store or failed documents.
lifecycle.dsl.data_retention摄入设置()包含两个独立的生命周期区域:
GET /api/streams/{name}/_ingest- 流生命周期()——控制流数据的保留时长。使用
ingest.lifecycle(例如lifecycle.dsl.data_retention)设置明确的保留时长,或使用"30d"让子流继承设置。当用户要求“设置保留时长”、“更新保留时长”或“更改流的保留策略”时,通常指的是这个设置。lifecycle.inherit - 失败存储生命周期()——仅控制处理失败的文档的保留时长。除非用户明确提到失败存储或失败文档的保留,否则很少需要修改此设置。
ingest.failure_store.lifecycle
当用户要求设置或更新保留时长时,目标是流的主生命周期设置( / ),而非失败存储的保留设置,除非他们明确询问失败存储或失败文档相关内容。
ingest.lifecyclelifecycle.dsl.data_retentionExamples
示例
List streams
列出所有流
bash
curl -X GET "${KIBANA_URL}/api/streams" \
-H "Authorization: ApiKey <base64-api-key>"bash
curl -X GET "${KIBANA_URL}/api/streams" \
-H "Authorization: ApiKey <base64-api-key>"Get a single stream
获取单个流
bash
curl -X GET "${KIBANA_URL}/api/streams/my-stream" \
-H "Authorization: ApiKey <base64-api-key>"bash
curl -X GET "${KIBANA_URL}/api/streams/my-stream" \
-H "Authorization: ApiKey <base64-api-key>"Get stream queries
获取流的查询语句
bash
curl -X GET "${KIBANA_URL}/api/streams/my-stream/queries" \
-H "Authorization: ApiKey <base64-api-key>"bash
curl -X GET "${KIBANA_URL}/api/streams/my-stream/queries" \
-H "Authorization: ApiKey <base64-api-key>"Get significant events or attachments
获取重要事件或关联资源
bash
undefinedbash
undefinedSignificant events
重要事件
curl -X GET "${KIBANA_URL}/api/streams/my-stream/significant_events"
-H "Authorization: ApiKey <base64-api-key>"
-H "Authorization: ApiKey <base64-api-key>"
curl -X GET "${KIBANA_URL}/api/streams/my-stream/significant_events"
-H "Authorization: ApiKey <base64-api-key>"
-H "Authorization: ApiKey <base64-api-key>"
Attachments (dashboards, rules, SLOs linked to the stream)
关联资源(与流关联的仪表板、规则、SLO)
curl -X GET "${KIBANA_URL}/api/streams/my-stream/attachments"
-H "Authorization: ApiKey <base64-api-key>"
-H "Authorization: ApiKey <base64-api-key>"
undefinedcurl -X GET "${KIBANA_URL}/api/streams/my-stream/attachments"
-H "Authorization: ApiKey <base64-api-key>"
-H "Authorization: ApiKey <base64-api-key>"
undefinedDisable, enable, or resync streams
禁用、启用或重新同步流
bash
undefinedbash
undefinedDisable streams (request body per API docs) — warn user and confirm before proceeding
禁用流(请求体请参考API文档)——操作前需提醒用户并确认
curl -X POST "${KIBANA_URL}/api/streams/_disable"
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
curl -X POST "${KIBANA_URL}/api/streams/_disable"
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
Enable streams
启用流
curl -X POST "${KIBANA_URL}/api/streams/_enable"
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
curl -X POST "${KIBANA_URL}/api/streams/_enable"
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
Resync streams
重新同步流
curl -X POST "${KIBANA_URL}/api/streams/_resync"
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
Check the [Streams API operation pages](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-streams) for
request/response bodies (e.g. request body for \_disable/\_enable/\_resync if required).curl -X POST "${KIBANA_URL}/api/streams/_resync"
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
-H "Authorization: ApiKey <base64-api-key>"
-H "kbn-xsrf: true"
-H "Content-Type: application/json"
-d '{}'
请查阅[Streams API操作页面](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-streams)获取请求/响应体详情(例如`_disable`/`_enable`/`_resync`的请求体,若有需要)。Guidelines
注意事项
- When the user asks to set or update retention, assume they mean the stream's data retention
(/
ingest.lifecycle). Do not change only the failure store retention unless they explicitly ask about the failure store or failed documents.lifecycle.dsl.data_retention - Other mutating operations (create, update, delete, fork, bulk query management, attachment management, and more) are not supported by this skill. See references/streams-api-reference.md for the full list of deferred operations.
- Disabling streams can lead to data loss. Before calling the disable API, warn the user and confirm they understand the risk (and have backed up or no longer need the data).
- Prefer read operations when the user only needs to inspect stream state; use lifecycle APIs when they need to enable, disable, or resync streams.
- 当用户要求设置或更新保留时长时,默认指的是流的数据保留设置(/
ingest.lifecycle)。除非用户明确询问失败存储或失败文档,否则不要仅修改失败存储的保留设置。lifecycle.dsl.data_retention - 其他变更操作(创建、更新、删除、分支、批量查询管理、关联资源管理等)不受本技能支持。完整的待支持操作列表请参阅references/streams-api-reference.md。
- 禁用流可能导致数据丢失。调用禁用API前,需提醒用户并确认他们了解风险(且已备份数据或不再需要该数据)。
- 当用户仅需要查看流的状态时,优先使用读取操作;当用户需要启用、禁用或重新同步流时,使用生命周期API。