Connect Kibana to Definable AI

Kibana is a visualization and analytics platform for Elasticsearch, offering dashboards, data exploration, and monitoring capabilities for gaining insights from data.

About Kibana

Kibana is a productivity tool. Connect it to Definable AI with one-click OAuth2 — no API keys or custom code required.

What you can automate with Kibana

Use Definable AI's agent platform to trigger workflows from Kibana, process results with 50+ AI models, and sync data across 900+ connected apps.

Tools & Actions (49 available)

  • Check Fleet Permissions: Tool to check the permissions for the Fleet API. Use when you need to verify if the current user has the necessary privileges for Fleet operations.
  • Create Alerting Rule: Tool to create a new alerting rule in Kibana. Use when you need to define a new condition that, when met, triggers an alert and potentially executes predefined actions.
  • Create Case: Tool to create a new case in Kibana. Use when you need to open and track issues, incidents, or investigations. You can assign users, set severity levels, add tags, and configure external connectors for integration with ITSM systems.
  • Create Dashboard: Tool to create a new dashboard in Kibana. Use when you need to create a dashboard to visualize data. Dashboards can contain visualizations, saved searches, and other embeddable objects. Note: When using serverless Kibana, you must provide a dashboard_id. The action will automatically fall back to the import API for serverless environments.
  • Create Data View: Tool to create a new data view (index pattern) in Kibana. Use when you need to define which Elasticsearch indices to query and analyze in Kibana. Data views determine which fields are available in Discover, Visualize, and other Kibana apps.
  • Create Kibana Connector: Tool to create a new connector in Kibana. Use when you need to integrate Kibana with an external service.
  • Create or Update Saved Object: Tool to create or update a saved object in Kibana. Use when you need to programmatically manage Kibana dashboards, visualizations, index patterns, etc.
  • Delete Action: Tool to delete an action in Kibana. Use when you need to remove a specific action by its ID, optionally within a specific space.
  • Delete Alerting Rule: Tool to delete an alerting rule in Kibana. Use when you need to remove a specific alerting rule by its ID.
  • Delete Connector: Tool to delete a connector in Kibana. Use when you need to remove an existing connector.
  • Delete Fleet Output: Tool to delete a specific output configuration in Kibana Fleet. Use when you need to remove an existing output by its ID.
  • Delete Fleet Proxy: Deletes a Fleet proxy configuration by its unique identifier. Fleet proxies enable agents to communicate through proxy servers. Use this action to remove proxy configurations that are no longer needed. The proxy must not be in use by any agent policies or outputs before deletion. Requires 'fleet-settings-all' privileges in Kibana.
  • Delete List: Deletes a list. Use when you want to delete a list by its ID.
  • Delete Osquery Saved Query: Delete a saved Osquery query by its saved object ID. Use this to remove a specific Osquery saved query from Kibana. IMPORTANT: This action requires the 'saved_object_id' (UUID format), not the custom 'id' field. You can obtain the saved_object_id by listing queries first or from the response when creating a query.
  • Delete Saved Object: Tool to delete a saved object in Kibana. Use when you need to remove a specific saved object like a visualization or dashboard.
  • Find Detection Engine Rules: Retrieves a paginated list of Kibana detection engine rules with flexible filtering and sorting options. Use this action to:
      - List all detection rules in your Kibana security solution
      - Search for specific rules using KQL filters (by name, tags, severity, enabled status, etc.)
      - Sort rules by various criteria (name, risk score, creation date, etc.)
      - Paginate through large rule sets
      - Select specific fields to return for efficient data retrieval
    The detection engine rules are used for identifying security threats and generating alerts.
  • Find Kibana Alerts: Tool to find and/or aggregate detection alerts in Kibana. Use this to retrieve a list of alerts, optionally filtering them with a query and performing aggregations.
  • Get Action Types: Retrieves all available connector types (actions) in Kibana. Connector types (also called action types) are integrations like Slack, Email, Webhook, ServiceNow, etc. that can be used with alerting rules, cases, and workflows. Use this to discover which connector types are available and their requirements (license, features) before creating a new connector instance. Returns detailed information about each connector type including:
      - ID (e.g., '.slack', '.email', '.webhook')
      - Display name and enabled status
      - License requirements (basic, gold, platinum, enterprise)
      - Supported features (alerting, cases, workflows, etc.)
      - Configuration and deprecation status
  • Get Alerting Rules: Tool to retrieve a list of alerting rules in Kibana. Use when you need to get a paginated set of rules based on specified conditions.
  • Get All Connectors: Tool to retrieve a list of all connectors in Kibana. Use this tool when you need to get information about available connectors.
  • Get Cases: Tool to retrieve a list of cases in Kibana. Use when you need to find or list existing security or operational cases, potentially filtering by various attributes like status, assignee, or severity.
  • Get Data Views: Retrieves all data views (formerly known as index patterns) available in Kibana. Data views define which Elasticsearch indices you want to explore and are used throughout Kibana for features like Discover, Visualize, and Dashboard. This action returns a list of all configured data views with their IDs, names, and index patterns. Use this to discover available data sources before querying specific data views for detailed field information.
  • Get EPM Package Statistics: Retrieves usage statistics for a specific Fleet package in Kibana, including the number of package policies and agent policies using the package. Use this to understand package adoption and usage across your Fleet-managed agents.
  • Get Endpoint List Items: Retrieves Elastic Endpoint exception list items with filtering, pagination, and sorting capabilities. Use this action to:
      - List all endpoint exceptions in the security solution
      - Filter exceptions by specific field values (e.g., host.name:test-host)
      - Sort and paginate through exception items
      - Verify existing exceptions before creating new ones
    The endpoint exception list contains security exceptions applied to Elastic Endpoint agents.
  • Get Entity Store Engines: Retrieves all entity store engines configured in Kibana. Entity store engines aggregate and manage entity data for different entity types (user, host, service). This action returns detailed configuration and status information for all engines, including their current status (installing, started, stopped, error), index patterns, processing parameters, and any error details if applicable. Use this to monitor entity store engines, check their operational status, and review their configuration settings.
  • Get Entity Store Status: Retrieves the current status of the Kibana Entity Store and its configured engines. The Entity Store is a security feature that collects and organizes entity data (users, hosts, etc.) from various sources. This action returns the overall status ('not_installed', 'installing', 'running', 'stopped', or 'error') and details about configured entity engines. Use this to check if the entity store is operational and to view which entity engines are configured.
  • Get Fleet Agent Policies: Retrieves a paginated list of Fleet agent policies with filtering, sorting, and optional detailed information. Use this action to:
      - List all agent policies in your Fleet deployment
      - Filter policies using KQL queries (e.g., by name, namespace, or other fields)
      - Get agent enrollment counts per policy (use withAgentCount=true)
      - Retrieve full policy details including package policies (use full=true)
      - Find policies with available upgrades (use showUpgradeable=true)
    Agent policies define the configuration for groups of Elastic Agents, including which integrations (package policies) are enabled and how agents should collect and send data.
  • Get Fleet Agents Available Versions: Tool to retrieve the available versions for Fleet agents. Use when you need to get a list of all available Elastic Agent versions.
  • Get Fleet Agents Setup Status: Check Fleet setup readiness and identify missing requirements. Returns whether Fleet is ready (isReady), lists any missing prerequisites (missing_requirements), and shows optional feature availability. Use this to verify Fleet is properly configured before managing agents or policies.
  • Get Fleet Data Streams: Retrieves the list of data streams in Fleet.
  • Get Fleet EPM Categories: Get all available package categories in the Elastic Package Manager (EPM) with package counts. Returns categories like Security, Observability, Cloud, etc., along with the number of packages in each category. Use this to discover available integration categories before browsing or filtering packages.
  • Get Fleet EPM Data Streams: Tool to retrieve the list of data streams in the Elastic Package Manager. Use when you need to get a list of available data streams, optionally filtering by type, dataset, or categorization.
  • Get Fleet EPM Package Details: Retrieves comprehensive details for a specific Fleet integration package version from the Elastic Package Manager (EPM). Returns detailed information including:
      - Package metadata (name, title, description, version, type)
      - Installation status and requirements
      - Data streams and their configurations
      - Assets (dashboards, visualizations, pipelines)
      - License and compatibility requirements
      - Icons and documentation paths
    Use this action when you need detailed information about a specific package version, such as:
      - Checking package compatibility requirements
      - Viewing data streams provided by a package
      - Accessing package assets and configuration
      - Verifying installation status and details
  • Get Fleet EPM Package File: Retrieves a specific file from an Elastic Package Manager (EPM) package. Use this to access package metadata, documentation, changelogs, or configuration files. Common use cases: inspecting manifest.yml for package details, reading README.md for documentation, or reviewing changelog.yml for version history. Requires a valid package name, version, and file path.
  • Get Fleet EPM Packages: Tool to fetch the list of available packages in the Elastic Package Manager. Use when you need to find available integrations or their details.
  • Get Fleet EPM Packages (Limited): Retrieves a limited list of package names from the Elastic Package Manager (EPM) registry. Returns only package names (strings) without additional metadata, making it faster than the full packages endpoint. Useful for quickly getting a list of available integration packages (maximum 10,000 items). Use this when you only need package names; use the full packages endpoint if you need detailed package information.
  • Get Fleet Enrollment API Key: Tool to retrieve details of a specific enrollment API key by its ID. Use when you have the ID of an enrollment API key and need its details.
  • Get Fleet Enrollment API Keys: Tool to fetch a list of enrollment API keys. Use when you need to retrieve existing enrollment tokens for Kibana Fleet.
  • Get Fleet Package Policies: Retrieves a list of Fleet package policies (integration policies) in Kibana. Package policies define how integrations are configured and which agent policies they're associated with. Use this to list all package policies, filter them by criteria, or get their IDs and configurations. Supports pagination, sorting, and KQL filtering.
  • Get Fleet Server Host: Tool to fetch details of a specific Fleet server host by its item ID. Use when you need to get information about a particular Fleet Server host.
  • Get Fleet Server Hosts: Tool to retrieve the list of Fleet Server hosts. Use when you need to get information about the available Fleet Server hosts.
  • Get Index Management Indices: Tool to fetch information about indices managed by Kibana's Index Management feature. It queries the underlying Elasticsearch /_cat/indices API to retrieve index details. Use when you need to list or get details about one or more indices in the cluster.
  • Get Installed EPM Packages: Tool to retrieve the list of installed packages in the Elastic Package Manager. Use this when you need to check which packages are currently installed in Fleet.
  • Get Kibana Status: Tool to get the current status of Kibana. Use when you need to check if Kibana is healthy, monitor its state, or get information about the Kibana instance including version, UUID, and metrics.
  • Get Node Metrics: Tool to retrieve statistics for nodes in an Elasticsearch cluster, often visualized in Kibana. Use when you need to monitor node health, performance, or resource usage. This action calls the Elasticsearch Nodes Stats API.
  • Get Reporting Jobs: Tool to retrieve a list of reporting jobs in Kibana. Use when you need to see pending or completed reports. This uses an internal API endpoint, which might be subject to change without notice.
  • Get Rule Types: Retrieves available rule types (alert types) in Kibana. Returns comprehensive metadata about each rule type including:
      - Available action groups and variables for action templates
      - License requirements and authorization details
      - Category (management, observability, securitySolution)
      - Configuration options like auto-recovery and timeout settings
    Use this to discover what types of alerting rules can be created in your Kibana instance, such as Elasticsearch query alerts, index threshold alerts, machine learning anomaly detection, and security detection rules.
  • Get Saved Objects: Tool to retrieve a list of saved objects in Kibana based on specified criteria. Use when you need to find dashboards, visualizations, index patterns, or other saved entities.
  • List Entity Store Entities: Tool to list entity records in the entity store with support for paging, sorting, and filtering. Use when you need to retrieve a list of entities such as users, hosts, or services.

How to connect Kibana

  1. Sign in to Definable AI and go to Apps
  2. Search for Kibana and click Connect
  3. Authorize via OAuth2 — takes under 30 seconds
  4. Use Kibana actions in your AI agents and workflows