Kibana | Composio Docs

Overview

SLUG: KIBANA

Description

Kibana is a visualization and analytics platform for Elasticsearch, offering dashboards, data exploration, and monitoring capabilities for gaining insights from data

Authentication Details

Basic Auth

full

stringDefaults to https://localhost:5601Required

username

stringRequired

password

stringRequired

API Key

full

stringDefaults to https://localhost:5601Required

generic_api_key

stringRequired

Connecting to Kibana

Create an auth config

Use the dashboard to create an auth config for the Kibana toolkit. This allows you to connect multiple Kibana accounts to Composio for agents to use.

Select App

Navigate to Kibana.

Configure Auth Config Settings

Select among the supported auth schemes of and configure them here.

Create and Get auth config ID

Click “Create Kibana Auth Config”. After creation, copy the displayed ID starting with ac_. This is your auth config ID. This is not a sensitive ID — you can save it in environment variables or a database. This ID will be used to create connections to the toolkit for a given user.

Connect Your Account

Using Basic Auth

1 from composio import Composio
2 from composio.types import auth_scheme
3 
4 # Replace these with your actual values
5 kibana_auth_config_id = "ac_YOUR_KIBANA_CONFIG_ID"
6 user_id = "user@example.com"
7 username = "your_kibana_username"
8 password = "your_kibana_password"
9 
10 composio = Composio()
11 
12 # Create a new connected account for Kibana using Basic Auth
13 connection_request = composio.connected_accounts.initiate(
14     user_id=user_id,
15     auth_config_id=kibana_auth_config_id,
16     config=auth_scheme.basic_auth(
17         username=username,
18         password=password
19     )
20 )
21 
22 # Basic authentication is immediate - no redirect needed
23 print(f"Successfully connected Kibana for user {user_id}")
24 
25 # You can verify the connection using:
26 # connected_account = composio.connected_accounts.get(user_id=user_id, app_id="KIBANA")

Using API Key

1 from composio import Composio
2 
3 # Replace these with your actual values
4 kibana_auth_config_id = "ac_YOUR_KIBANA_CONFIG_ID" # Auth config ID created above
5 user_id = "0000-0000-0000"  # UUID from database/app
6 
7 composio = Composio()
8 
9 def authenticate_toolkit(user_id: str, auth_config_id: str):
10     # Replace this with a method to retrieve an API key from the user.
11     # Or supply your own.
12     user_api_key = input("[!] Enter API key")
13 
14     connection_request = composio.connected_accounts.initiate(
15         user_id=user_id,
16         auth_config_id=auth_config_id,
17         config={"auth_scheme": "API_KEY", "val": user_api_key}
18     )
19 
20     # API Key authentication is immediate - no redirect needed
21     print(f"Successfully connected Kibana for user {user_id}")
22     print(f"Connection status: {connection_request.status}")
23     
24     return connection_request.id
25 
26 
27 connection_id = authenticate_toolkit(user_id, kibana_auth_config_id)
28 
29 # You can verify the connection using:
30 connected_account = composio.connected_accounts.get(connection_id)
31 print(f"Connected account: {connected_account}")

Tools

Executing tools

To prototype you can execute some tools to see the responses and working on the Kibana toolkit’s playground

OpenAI (Python)

Anthropic (TypeScript)

Google (Python)

Vercel (TypeScript)

Python

1 from composio import Composio
2 from openai import OpenAI
3 import json
4 
5 openai = OpenAI()
6 composio = Composio()
7 
8 # User ID must be a valid UUID format
9 user_id = "0000-0000-0000"  # Replace with actual user UUID from your database
10 
11 tools = composio.tools.get(user_id=user_id, toolkits=["KIBANA"])
12 
13 print("[!] Tools:")
14 print(json.dumps(tools))
15 
16 def invoke_llm(task = "What can you do?"):
17     completion = openai.chat.completions.create(
18         model="gpt-4o",
19         messages=[
20             {
21                 "role": "user",
22                 "content": task,  # Your task here!
23             },
24         ],
25         tools=tools,
26     )
27 
28     # Handle Result from tool call
29     result = composio.provider.handle_tool_calls(user_id=user_id, response=completion)
30     print(f"[!] Completion: {completion}")
31     print(f"[!] Tool call result: {result}")
32 
33 invoke_llm()

Tool List

KIBANA_DELETE_ACTION

Tool Name: Delete Action

Description

Tool to delete an action in kibana. use when you need to remove a specific action by its id, optionally within a specific space.

Action Parameters

action_id

stringRequired

space_id

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_ALERTING_RULES

Tool Name: Delete Alerting Rule

Description

Tool to delete an alerting rule in kibana. use when you need to remove a specific alerting rule by its id.

Action Parameters

stringRequired

kbn_xsrf

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_CONNECTORS

Tool Name: Delete Connector

Description

Tool to delete a connector in kibana. use when you need to remove an existing connector.

Action Parameters

stringRequired

space_id

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_FLEET_OUTPUT

Tool Name: Delete Fleet Output

Description

Tool to delete a specific output configuration in kibana fleet. use when you need to remove an existing output by its id.

Action Parameters

elastic_api_version

stringDefaults to 2023-10-31

kbn_xsrf

stringDefaults to true

output_id

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_FLEET_PROXY

Tool Name: Delete Fleet Proxy

Description

Tool to delete a specific fleet proxy configuration by its id. use when you need to remove an existing proxy setup.

Action Parameters

kbnXsrf

stringDefaults to true

proxyId

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_LIST

Tool Name: Delete List

Description

Deletes a list. use when you want to delete a list by its id.

Action Parameters

delete_references

boolean

stringRequired

ignore_references

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_OSQUERY_SAVED_QUERIES

Tool Name: Delete Osquery Saved Query

Description

Tool to delete a saved osquery query by its id. use when you need to remove a specific osquery saved query.

Action Parameters

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_DELETE_SAVED_OBJECTS

Tool Name: Delete Saved Object

Description

Tool to delete a saved object in kibana. use when you need to remove a specific saved object like a visualization or dashboard.

Action Parameters

force

boolean

stringRequired

kbn_xsrf

stringDefaults to true

type

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_FIND_ALERTS

Tool Name: Find Kibana Alerts

Description

Tool to find and/or aggregate detection alerts in kibana. use this to retrieve a list of alerts, optionally filtering them with a query and performing aggregations.

Action Parameters

aggs

object

query

objectRequired

runtime_mappings

object

size

integer

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_ACTION_TYPES

Tool Name: Get Action Types

Description

Tool to fetch the list of available action types (e.g., '.slack', '.email', '.webhook') in kibana. use this to discover the 'actiontypeid' needed when creating a new action.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_ALERTING_RULES

Tool Name: Get Alerting Rules

Description

Tool to retrieve a list of alerting rules in kibana. use when you need to get a paginated set of rules based on specified conditions.

Action Parameters

default_search_operator

stringDefaults to OR

fields

array

filter

string

filter_consumers

array

has_reference

object

page

integerDefaults to 1

per_page

integerDefaults to 10

string

search_fields

array

sort_field

string

sort_order

string

Action Response

data

arrayRequired

error

string

page

integerRequired

per_page

integerRequired

successful

booleanRequired

total

integerRequired

KIBANA_GET_ALERT_TYPES

Tool Name: Get Alert Types

Description

Tool to retrieve available alert types in kibana. use when you need to get a list of all possible alert types and their metadata.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_CASES

Tool Name: Get Cases

Description

Tool to retrieve a list of cases in kibana. use when you need to find or list existing security or operational cases, potentially filtering by various attributes like status, assignee, or severity.

Action Parameters

assignees

array

defaultSearchOperator

string

from_date_param

string

owner

array

page

integerDefaults to 1

perPage

integerDefaults to 20

reporters

array

string

searchFields

array

severity

string

sortField

stringDefaults to createdAt

sortOrder

stringDefaults to desc

status

string

KIBANA_GET_CONNECTORS

Tool Name: Get All Connectors

Description

Tool to retrieve a list of all connectors in kibana. use this tool when you need to get information about available connectors.

Action Parameters

space_id

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_DATA_VIEWS

Tool Name: Get Data Views

Description

Tool to retrieve a list of data views available in kibana. use when you need to get a list of available data views, optionally filtering by a name pattern.

Action Parameters

pattern

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_DETECTION_ENGINE_RULES_FIND

Tool Name: Find Detection Engine Rules

Description

Retrieves a list of detection engine rules based on specified criteria. use this tool to find detection rules.

Action Parameters

fields

array

filter

string

gaps_range_end

string

gaps_range_start

string

page

integerDefaults to 1

per_page

integerDefaults to 20

sort_field

string

sort_order

stringDefaults to desc

Action Response

data

arrayRequired

error

string

page

integerRequired

perPage

integerRequired

successful

booleanRequired

total

integerRequired

KIBANA_GET_ENDPOINT_LIST_ITEMS

Tool Name: Get Endpoint List Items

Description

Tool to retrieve all items from an endpoint exception list. use when you need to get a list of endpoint exceptions, for example, to check existing exceptions before adding a new one.

Action Parameters

filter

string

page

integer

per_page

integer

sort_field

string

sort_order

string

Action Response

data

arrayRequired

error

string

page

integerRequired

per_page

integerRequired

pit

string

successful

booleanRequired

total

integerRequired

KIBANA_GET_ENTITY_STORE_ENGINES

Tool Name: Get Entity Store Engines

Description

Retrieves the list of engines from the entity store.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_ENTITY_STORE_ENTITIES_LIST

Tool Name: List Entity Store Entities

Description

Tool to list entity records in the entity store with support for paging, sorting, and filtering. use when you need to retrieve a list of entities such as users, hosts, or services.

Action Parameters

entity_types

arrayRequired

filterQuery

string

page

integer

per_page

integer

sort_field

string

sort_order

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_ENTITY_STORE_STATUS

Tool Name: Get Entity Store Status

Description

Tool to retrieve the status of the entity store in kibana. use this to check if the entity store is operational.

Action Parameters

Action Response

data

object

error

string

successful

booleanRequired

KIBANA_GET_FLEET_AGENTS_AVAILABLE_VERSIONS

Tool Name: Get Fleet Agents Available Versions

Description

Tool to retrieve the available versions for fleet agents. use when you need to get a list of all available elastic agent versions.

Action Parameters

elastic-api-version

stringDefaults to 2023-10-31

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_AGENTS_SETUP_STATUS

Tool Name: Get Fleet Agents Setup Status

Description

Tool to check if the fleet agents are set up. use when you need to verify the fleet agent setup status.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_AGENT_POLICIES

Tool Name: Get Fleet Agent Policies

Description

Fetches a list of agent policies in fleet. use when you need to retrieve agent policy configurations.

Action Parameters

kuery

string

page

integer

perPage

integer

sortField

string

sortOrder

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_CHECK_PERMISSIONS

Tool Name: Check Fleet Permissions

Description

Tool to check the permissions for the fleet api. use when you need to verify if the current user has the necessary privileges for fleet operations.

Action Parameters

elastic-api-version

stringDefaults to 2023-10-31

fleetServerSetup

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_DATA_STREAMS

Tool Name: Get Fleet Data Streams

Description

Retrieves the list of data streams in fleet.

Action Parameters

datasetQuery

string

elastic-api-version

stringDefaults to 2023-10-31

sortOrder

string

type

string

uncategorisedOnly

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_ENROLLMENT_API_KEY

Tool Name: Get Fleet Enrollment API Key

Description

Tool to retrieve details of a specific enrollment api key by its id. use when you have the id of an enrollment api key and need its details.

Action Parameters

key_id

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_ENROLLMENT_API_KEYS

Tool Name: Get Fleet Enrollment API Keys

Description

Tool to fetch a list of enrollment api keys. use when you need to retrieve existing enrollment tokens for kibana fleet.

Action Parameters

page

integer

perPage

integer

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_CATEGORIES

Tool Name: Get Fleet EPM Categories

Description

Tool to fetch the list of categories in the elastic package manager. use when you need to retrieve available package categories.

Action Parameters

elastic_api_version

stringDefaults to 2023-10-31

include_policy_templates

boolean

prerelease

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_DATA_STREAMS

Tool Name: Get Fleet EPM Data Streams

Description

Tool to retrieve the list of data streams in the elastic package manager. use when you need to get a list of available data streams, optionally filtering by type, dataset, or categorization.

Action Parameters

datasetQuery

string

elastic-api-version

stringDefaults to 2023-10-31

sortOrder

stringDefaults to asc

type

string

uncategorisedOnly

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_PACKAGES

Tool Name: Get Fleet EPM Packages

Description

Tool to fetch the list of available packages in the elastic package manager. use when you need to find available integrations or their details.

Action Parameters

KIBANA_GET_FLEET_EPM_PACKAGES_INSTALLED

Tool Name: Get Installed EPM Packages

Description

Tool to retrieve the list of installed packages in the elastic package manager. use this when you need to check which packages are currently installed in fleet.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_PACKAGES_LIMITED

Tool Name: Get Fleet EPM Packages (Limited)

Description

Tool to fetch a limited list of packages from the elastic package manager. use when you need to retrieve a list of available epm packages with minimal details.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_PACKAGE_DETAILS

Tool Name: Get Fleet EPM Package Details

Description

Tool to fetch details of a specific package and version in the elastic package manager (epm). use when you need to get information about a particular epm package, such as its title, description, or type.

Action Parameters

package_name

stringRequired

package_version

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_PACKAGE_FILE

Tool Name: Get Fleet EPM Package File

Description

Tool to retrieve a specific file from a package in the elastic package manager. use when you need to inspect the contents of a package file.

Action Parameters

filePath

stringRequired

pkgName

stringRequired

pkgVersion

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_EPM_PACKAGE_STATS

Tool Name: Get EPM Package Statistics

Description

Tool to retrieve statistics for a specific package in the elastic package manager. use when you need to get epm package statistics.

Action Parameters

package_name

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_PACKAGE_POLICIES

Tool Name: Get Fleet Package Policies

Description

Tool to retrieve a list of all package policies (agent & epm), providing their ids and associated details. use when you need to get an overview of existing package policies.

Action Parameters

format

string

kuery

string

page

integer

perPage

integer

showUpgradeable

boolean

sortField

string

sortOrder

string

withAgentCount

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_SERVER_HOST

Tool Name: Get Fleet Server Host

Description

Tool to fetch details of a specific fleet server host by its item id. use when you need to get information about a particular fleet server host.

Action Parameters

elastic_api_version

stringDefaults to 2023-10-31

host_id

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_FLEET_SERVER_HOSTS

Tool Name: Get Fleet Server Hosts

Description

Tool to retrieve the list of fleet server hosts. use when you need to get information about the available fleet server hosts.

Action Parameters

page

integerDefaults to 1

perPage

integerDefaults to 20

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_INDEX_MANAGEMENT_INDICES

Tool Name: Get Index Management Indices

Description

Tool to fetch information about indices managed by kibana's index management feature. it queries the underlying elasticsearch / cat/indices api to retrieve index details. use when you need to list or get details about one or more indices in the cluster.

Action Parameters

bytes

string

expand_wildcards

string

health

string

index

string

pri

boolean

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_METRICS

Tool Name: Get Node Metrics

Description

Tool to retrieve statistics for nodes in an elasticsearch cluster, often visualized in kibana. use when you need to monitor node health, performance, or resource usage. this action calls the elasticsearch nodes stats api.

Action Parameters

completion_fields

string

fielddata_fields

string

fields

string

groups

boolean

include_segment_file_sizes

boolean

include_unloaded_segments

boolean

level

string

metric

string

node_id

string

timeout

string

types

string

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_REPORTING_JOBS

Tool Name: Get Reporting Jobs

Description

Tool to retrieve a list of reporting jobs in kibana. use when you need to see pending or completed reports. this uses an internal api endpoint, which might be subject to change without notice.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_SAVED_OBJECTS

Tool Name: Get Saved Objects

Description

Tool to retrieve a list of saved objects in kibana based on specified criteria. use when you need to find dashboards, visualizations, index patterns, or other saved entities.

Action Parameters

default_search_operator

string

fields

array

filter

string

has_reference

object

page

integerDefaults to 1

per_page

integerDefaults to 20

root_search_fields

array

string

search_fields

array

sort_field

string

sort_order

string

type

stringRequired

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_GET_STATUS

Tool Name: Get Kibana Status

Description

Tool to get the current status of kibana. use when you need to check if kibana is healthy, monitor its state, or get information about the kibana instance including version, uuid, and metrics.

Action Parameters

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_POST_ALERTING_RULES

Tool Name: Create Alerting Rule

Description

Tool to create a new alerting rule in kibana. use when you need to define a new condition that, when met, triggers an alert and potentially executes predefined actions.

Action Parameters

actions

array

consumer

stringRequired

enabled

booleanDefaults to True

name

stringRequired

notify_when

stringRequired

params

objectRequired

rule_id

string

rule_type_id

stringRequired

schedule

objectRequired

KIBANA_POST_CASES

Tool Name: Create Case

Description

Tool to create a new case in kibana. use when you need to open and track issues, incidents, or investigations. you can assign users, set severity levels, add tags, and configure external connectors for integration with itsm systems.

Action Parameters

assignees

array

KIBANA_POST_CONNECTORS

Tool Name: Create Kibana Connector

Description

Tool to create a new connector in kibana. use when you need to integrate kibana with an external service.

Action Parameters

config

object

connector_type_id

stringRequired

kbn-xsrf

stringDefaults to true

name

stringRequired

secrets

object

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_POST_DASHBOARDS

Tool Name: Create Dashboard

Description

Tool to create a new dashboard in kibana. use when you need to create a dashboard to visualize data. dashboards can contain visualizations, saved searches, and other embeddable objects.

Action Parameters

attributes

objectRequired

dashboard_id

string

references

array

spaces

array

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_POST_DATA_VIEWS

Tool Name: Create Data View

Description

Tool to create a new data view (index pattern) in kibana. use when you need to define which elasticsearch indices to query and analyze in kibana. data views determine which fields are available in discover, visualize, and other kibana apps.

Action Parameters

data_view

objectRequired

override

boolean

Action Response

data

objectRequired

error

string

successful

booleanRequired

KIBANA_POST_SAVED_OBJECTS

Tool Name: Create or Update Saved Object

Description

Tool to create or update a saved object in kibana. use when you need to programmatically manage kibana dashboards, visualizations, index patterns, etc.

Action Parameters

attributes

objectRequired

object_id

string

object_type

stringRequired

overwrite

boolean

references

array

space_id

stringDefaults to default

Action Response

data

objectRequired

error

string

successful

booleanRequired