Analytics & Data

Kibana

Learn how to use Kibana with Composio

Overview

SLUG: KIBANA

Description

Kibana is a visualization and analytics platform for Elasticsearch, offering dashboards, data exploration, and monitoring capabilities for gaining insights from data

Authentication Details

full
stringRequired
username
stringRequired
password
stringRequired
full
stringRequired
generic_api_key
stringRequired

Connecting to Kibana

Create an auth config

Use the dashboard to create an auth config for the Kibana toolkit. This allows you to connect multiple Kibana accounts to Composio for agents to use.

1

Select App

Navigate to Kibana.

2

Configure Auth Config Settings

Select among the supported auth schemes of and configure them here.

3

Create and Get auth config ID

Click “Create Kibana Auth Config”. After creation, copy the displayed ID starting with ac_. This is your auth config ID. This is not a sensitive ID — you can save it in environment variables or a database. This ID will be used to create connections to the toolkit for a given user.

Connect Your Account

Using Basic Auth

1from composio import Composio
2from composio.types import auth_scheme
3
4# Replace these with your actual values
5kibana_auth_config_id = "ac_YOUR_KIBANA_CONFIG_ID"
6user_id = "user@example.com"
7username = "your_kibana_username"
8password = "your_kibana_password"
9
10composio = Composio()
11
12# Create a new connected account for Kibana using Basic Auth
13connection_request = composio.connected_accounts.initiate(
14    user_id=user_id,
15    auth_config_id=kibana_auth_config_id,
16    config=auth_scheme.basic_auth(
17        username=username,
18        password=password
19    )
20)
21
22# Basic authentication is immediate - no redirect needed
23print(f"Successfully connected Kibana for user {user_id}")
24
25# You can verify the connection using:
26# connected_account = composio.connected_accounts.get(user_id=user_id, app_id="KIBANA")

Using API Key

1from composio import Composio
2
3# Replace these with your actual values
4kibana_auth_config_id = "ac_YOUR_KIBANA_CONFIG_ID" # Auth config ID created above
5user_id = "0000-0000-0000"  # UUID from database/app
6
7composio = Composio()
8
9def authenticate_toolkit(user_id: str, auth_config_id: str):
10    # Replace this with a method to retrieve an API key from the user.
11    # Or supply your own.
12    user_api_key = input("[!] Enter API key")
13
14    connection_request = composio.connected_accounts.initiate(
15        user_id=user_id,
16        auth_config_id=auth_config_id,
17        config={"auth_scheme": "API_KEY", "val": {"generic_api_key": user_api_key}}
18    )
19
20    # API Key authentication is immediate - no redirect needed
21    print(f"Successfully connected Kibana for user {user_id}")
22    print(f"Connection status: {connection_request.status}")
23    
24    return connection_request.id
25
26
27connection_id = authenticate_toolkit(user_id, kibana_auth_config_id)
28
29# You can verify the connection using:
30connected_account = composio.connected_accounts.get(connection_id)
31print(f"Connected account: {connected_account}")

Tools

Executing tools

To prototype you can execute some tools to see the responses and working on the Kibana toolkit’s playground

For code examples, see the Tool calling guide and Provider examples.

Tool List

Tool Name: Delete Action

Description

Tool to delete an action in Kibana. Use when you need to remove a specific action by its ID, optionally within a specific space.

Action Parameters

action_id
stringRequired
space_id

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete Alerting Rule

Description

Tool to delete an alerting rule in Kibana. Use when you need to remove a specific alerting rule by its ID.

Action Parameters

id
stringRequired
kbn_xsrf
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete Connector

Description

Tool to delete a connector in Kibana. Use when you need to remove an existing connector.

Action Parameters

id
stringRequired
space_id

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete Fleet Output

Description

Tool to delete a specific output configuration in Kibana Fleet. Use when you need to remove an existing output by its ID.

Action Parameters

elastic_api_version
Defaults to 2023-10-31
kbn_xsrf
stringDefaults to true
output_id
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete Fleet Proxy

Description

Tool to delete a specific Fleet proxy configuration by its ID. Use when you need to remove an existing proxy setup.

Action Parameters

kbnXsrf
stringDefaults to true
proxyId
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete List

Description

Deletes a list. Use when you want to delete a list by its ID.

Action Parameters

delete_references
id
stringRequired
ignore_references

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete Osquery Saved Query

Description

Tool to delete a saved Osquery query by its ID. Use when you need to remove a specific Osquery saved query.

Action Parameters

id
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Delete Saved Object

Description

Tool to delete a saved object in Kibana. Use when you need to remove a specific saved object like a visualization or dashboard.

Action Parameters

force
id
stringRequired
kbn_xsrf
stringDefaults to true
type
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Find Kibana Alerts

Description

Tool to find and/or aggregate detection alerts in Kibana. Use this to retrieve a list of alerts, optionally filtering them with a query and performing aggregations.

Action Parameters

aggs
query
objectRequired
runtime_mappings
size

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Action Types

Description

Tool to fetch the list of available action types (e.g., '.slack', '.email', '.webhook') in Kibana. Use this to discover the 'actionTypeId' needed when creating a new action.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Alerting Rules

Description

Tool to retrieve a list of alerting rules in Kibana. Use when you need to get a paginated set of rules based on specified conditions.

Action Parameters

default_search_operator
Defaults to OR
fields
filter
filter_consumers
has_reference
page
Defaults to 1
per_page
Defaults to 10
search
search_fields
sort_field
sort_order

Action Response

data
arrayRequired
error
page
integerRequired
per_page
integerRequired
successful
booleanRequired
total
integerRequired

Tool Name: Get Alert Types

Description

Tool to retrieve available alert types in Kibana. Use when you need to get a list of all possible alert types and their metadata.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Cases

Description

Tool to retrieve a list of cases in Kibana. Use when you need to find or list existing security or operational cases, potentially filtering by various attributes like status, assignee, or severity.

Action Parameters

assignees
defaultSearchOperator
from_date_param
owner
page
Defaults to 1
perPage
Defaults to 20
reporters
search
searchFields
severity
sortField
Defaults to createdAt
sortOrder
Defaults to desc
status
tags
to_date_param

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get All Connectors

Description

Tool to retrieve a list of all connectors in Kibana. Use this tool when you need to get information about available connectors.

Action Parameters

space_id

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Data Views

Description

Tool to retrieve a list of data views available in Kibana. Use when you need to get a list of available data views, optionally filtering by a name pattern.

Action Parameters

pattern

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Find Detection Engine Rules

Description

Retrieves a list of detection engine rules based on specified criteria. Use this tool to find detection rules.

Action Parameters

fields
filter
gaps_range_end
gaps_range_start
page
Defaults to 1
per_page
Defaults to 20
sort_field
sort_order
Defaults to desc

Action Response

data
arrayRequired
error
page
integerRequired
perPage
integerRequired
successful
booleanRequired
total
integerRequired

Tool Name: Get Endpoint List Items

Description

Tool to retrieve all items from an endpoint exception list. Use when you need to get a list of endpoint exceptions, for example, to check existing exceptions before adding a new one.

Action Parameters

filter
page
per_page
sort_field
sort_order

Action Response

data
arrayRequired
error
page
integerRequired
per_page
integerRequired
pit
successful
booleanRequired
total
integerRequired

Tool Name: Get Entity Store Engines

Description

Retrieves the list of engines from the entity store.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: List Entity Store Entities

Description

Tool to list entity records in the entity store with support for paging, sorting, and filtering. Use when you need to retrieve a list of entities such as users, hosts, or services.

Action Parameters

entity_types
arrayRequired
filterQuery
page
per_page
sort_field
sort_order

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Entity Store Status

Description

Tool to retrieve the status of the entity store in Kibana. Use this to check if the entity store is operational.

Action Parameters

Action Response

data
error
successful
booleanRequired

Tool Name: Get Fleet Agent Policies

Description

Fetches a list of agent policies in Fleet. Use when you need to retrieve agent policy configurations.

Action Parameters

kuery
page
perPage
sortField
sortOrder

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Agents Available Versions

Description

Tool to retrieve the available versions for Fleet agents. Use when you need to get a list of all available Elastic Agent versions.

Action Parameters

elastic-api-version
Defaults to 2023-10-31

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Agents Setup Status

Description

Tool to check if the Fleet agents are set up. Use when you need to verify the Fleet agent setup status.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Check Fleet Permissions

Description

Tool to check the permissions for the Fleet API. Use when you need to verify if the current user has the necessary privileges for Fleet operations.

Action Parameters

elastic-api-version
Defaults to 2023-10-31
fleetServerSetup

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Data Streams

Description

Retrieves the list of data streams in Fleet.

Action Parameters

datasetQuery
elastic-api-version
Defaults to 2023-10-31
sortOrder
type
uncategorisedOnly

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Enrollment API Key

Description

Tool to retrieve details of a specific enrollment API key by its ID. Use when you have the ID of an enrollment API key and need its details.

Action Parameters

key_id
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Enrollment API Keys

Description

Tool to fetch a list of enrollment API keys. Use when you need to retrieve existing enrollment tokens for Kibana Fleet.

Action Parameters

page
perPage

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet EPM Categories

Description

Tool to fetch the list of categories in the Elastic Package Manager. Use when you need to retrieve available package categories.

Action Parameters

elastic_api_version
Defaults to 2023-10-31
include_policy_templates
prerelease

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet EPM Data Streams

Description

Tool to retrieve the list of data streams in the Elastic Package Manager. Use when you need to get a list of available data streams, optionally filtering by type, dataset, or categorization.

Action Parameters

datasetQuery
elastic-api-version
Defaults to 2023-10-31
sortOrder
Defaults to asc
type
uncategorisedOnly

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet EPM Package Details

Description

Tool to fetch details of a specific package and version in the Elastic Package Manager (EPM). Use when you need to get information about a particular EPM package, such as its title, description, or type.

Action Parameters

package_name
stringRequired
package_version
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet EPM Package File

Description

Tool to retrieve a specific file from a package in the Elastic Package Manager. Use when you need to inspect the contents of a package file.

Action Parameters

filePath
stringRequired
pkgName
stringRequired
pkgVersion
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet EPM Packages

Description

Tool to fetch the list of available packages in the Elastic Package Manager. Use when you need to find available integrations or their details.

Action Parameters

category
excludeInstallStatus
prerelease

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Installed EPM Packages

Description

Tool to retrieve the list of installed packages in the Elastic Package Manager. Use this when you need to check which packages are currently installed in Fleet.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet EPM Packages (Limited)

Description

Tool to fetch a limited list of packages from the Elastic Package Manager. Use when you need to retrieve a list of available EPM packages with minimal details.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get EPM Package Statistics

Description

Tool to retrieve statistics for a specific package in the Elastic Package Manager. Use when you need to get EPM package statistics.

Action Parameters

package_name
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Package Policies

Description

Tool to retrieve a list of all package policies (Agent & EPM), providing their IDs and associated details. Use when you need to get an overview of existing package policies.

Action Parameters

format
kuery
page
perPage
showUpgradeable
sortField
sortOrder
withAgentCount

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Server Host

Description

Tool to fetch details of a specific Fleet server host by its item ID. Use when you need to get information about a particular Fleet Server host.

Action Parameters

elastic_api_version
Defaults to 2023-10-31
host_id
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Fleet Server Hosts

Description

Tool to retrieve the list of Fleet Server hosts. Use when you need to get information about the available Fleet Server hosts.

Action Parameters

page
Defaults to 1
perPage
Defaults to 20

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Index Management Indices

Description

Tool to fetch information about indices managed by Kibana's Index Management feature. It queries the underlying Elasticsearch /_cat/indices API to retrieve index details. Use when you need to list or get details about one or more indices in the cluster.

Action Parameters

bytes
expand_wildcards
h
health
index
pri
s

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Node Metrics

Description

Tool to retrieve statistics for nodes in an Elasticsearch cluster, often visualized in Kibana. Use when you need to monitor node health, performance, or resource usage. This action calls the Elasticsearch Nodes Stats API.

Action Parameters

completion_fields
fielddata_fields
fields
groups
include_segment_file_sizes
include_unloaded_segments
level
metric
node_id
timeout
types

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Reporting Jobs

Description

Tool to retrieve a list of reporting jobs in Kibana. Use when you need to see pending or completed reports. This uses an internal API endpoint, which might be subject to change without notice.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Saved Objects

Description

Tool to retrieve a list of saved objects in Kibana based on specified criteria. Use when you need to find dashboards, visualizations, index patterns, or other saved entities.

Action Parameters

default_search_operator
fields
filter
has_reference
page
Defaults to 1
per_page
Defaults to 20
root_search_fields
search
search_fields
sort_field
sort_order
type
Required

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Get Kibana Status

Description

Tool to get the current status of Kibana. Use when you need to check if Kibana is healthy, monitor its state, or get information about the Kibana instance including version, UUID, and metrics.

Action Parameters

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Create Alerting Rule

Description

Tool to create a new alerting rule in Kibana. Use when you need to define a new condition that, when met, triggers an alert and potentially executes predefined actions.

Action Parameters

actions
consumer
stringRequired
enabled
Defaults to True
name
stringRequired
notify_when
stringRequired
params
objectRequired
rule_id
rule_type_id
stringRequired
schedule
objectRequired
tags
throttle

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Create Case

Description

Tool to create a new case in Kibana. Use when you need to open and track issues, incidents, or investigations. You can assign users, set severity levels, add tags, and configure external connectors for integration with ITSM systems.

Action Parameters

assignees
category
connector
Required
customFields
description
stringRequired
owner
stringRequired
settings
objectRequired
severity
Defaults to low
tags
array
title
stringRequired

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Create Kibana Connector

Description

Tool to create a new connector in Kibana. Use when you need to integrate Kibana with an external service.

Action Parameters

config
connector_type_id
stringRequired
id
stringRequired
kbn-xsrf
stringDefaults to true
name
stringRequired
secrets

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Create Dashboard

Description

Tool to create a new dashboard in Kibana. Use when you need to create a dashboard to visualize data. Dashboards can contain visualizations, saved searches, and other embeddable objects.

Action Parameters

attributes
objectRequired
dashboard_id
references
spaces

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Create Data View

Description

Tool to create a new data view (index pattern) in Kibana. Use when you need to define which Elasticsearch indices to query and analyze in Kibana. Data views determine which fields are available in Discover, Visualize, and other Kibana apps.

Action Parameters

data_view
objectRequired
override

Action Response

data
objectRequired
error
successful
booleanRequired

Tool Name: Create or Update Saved Object

Description

Tool to create or update a saved object in Kibana. Use when you need to programmatically manage Kibana dashboards, visualizations, index patterns, etc.

Action Parameters

attributes
objectRequired
object_id
object_type
stringRequired
overwrite
references
space_id
Defaults to default

Action Response

data
objectRequired
error
successful
booleanRequired