Documentation for Fleet API usage

Hello all,
I am looking for better documentation about using the Fleet API in Elastic/Kibana 7.17.
I have looked at
I find these to be non-intuitive.

For instance, I am trying to automate adding an "integration" (UI terminology) to a policy. None of the API endpoints listed indicates to me that it is the one to use. There are endpoints for "package" and "package_policies", but not for "integration".
I have resorted to using the Chrome browser Developer Tools to look at the network traffic when interacting with the UI to add an integration to a policy. That lead me to try the api/fleet/package_policies endpoint. I took the payload reported through the browser developer tools and, in an environment where no changes had been made to the default policies, used that in my API call. I got back an error:

 FAILED! => {"cache_control": "private, no-cache, no-store, must-revalidate", "changed": false, "connection": "close", "content": "{\"statusCode\":404,\"error\":\"Not Found\",\"message\":\"Saved object [ingest-agent-policies/['<value that matches the policy id to which I'm trying to add the integration>']] not found\"}"

I don't see anything in the API docs about saved objects or ingest agent policies. Since integrations include saved objects I hypothesized that maybe I needed to install the integration first. So, I did that through the UI, and then retried the package_policies endpoint again. I got the same response as above.

I don't see many posts in this forum concerning Fleet API usage. Is it just not being used much at this point? Or am simply not finding the posts (due to flawed post searching criteria)?

Is anybody working with the API to fully automate the set up of agent policies?


You are using the right API , package_policies is for creating integration policies. I agree that the naming is not very intuitive.

From the error message it seems like the agent policy is not found.
Are you sure you are setting an existing agent policy id as the policy_id in the package_policies create request?

As for the API docs, we have plans to add more documentation, and promote it officially to GA: [Fleet] Promote Fleet API to GA · Issue #123150 · elastic/kibana · GitHub

I figured out the cause of the error. Using Ansible, I was extracting the policy id from the system using a call to the agent_policies API and then using json_query to pull out the data. I'm fairly new to Ansible and did not realize that json_query was returning a list with a single value rather than just the value alone. Fixing that resulted in a successful API call for package_policies.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.