DiscordSign up
SKILLS.SH

kibana-streams

>

INSTALLATION
npx skills add https://github.com/elastic/agent-skills --skill kibana-streams
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

$27

Item

Description

Kibana URL

Kibana endpoint (e.g. https://localhost:5601 or a Cloud deployment URL)

Authentication

API key or basic auth (see the elasticsearch-authn skill)

Privileges

read_stream for read operations; manage_stream for lifecycle APIs

Use the space-scoped path /s/{space_id}/api/streams when operating in a non-default space. For role configuration

(Kibana feature privileges and Elasticsearch-level permissions), refer to

Streams required permissions.

API base and headers

  • Base path: GET or POST to <kibana_url>/api/streams (or /s/<space_id>/api/streams for a space).
  • Read operations: Typically do not require extra headers; follow the

official API docs for each endpoint.

  • Lifecycle operations: POST /api/streams/_disable, _enable, and _resync are mutating — send kbn-xsrf: true

(or equivalent) as required by your Kibana version.

Operations (read + lifecycle)

Read

Operation

Method

Path

Get stream list

GET

/api/streams

Get a stream

GET

/api/streams/{name}

Get ingest stream settings

GET

/api/streams/{name}/_ingest

Get query stream settings

GET

/api/streams/{name}/_query

Get stream queries

GET

/api/streams/{name}/queries

Read significant events

GET

/api/streams/{name}/significant_events

Get stream attachments

GET

/api/streams/{streamName}/attachments

Lifecycle

Operation

Method

Path

Disable streams

POST

/api/streams/_disable

Enable streams

POST

/api/streams/_enable

Resync streams

POST

/api/streams/_resync

Path parameters: {name} and {streamName} are the stream identifier (same value; the API docs use both names).

Lifecycle and retention (ingest settings)

Ingest settings (GET /api/streams/{name}/_ingest) expose two separate lifecycle areas:

  • Stream lifecycle (ingest.lifecycle) — Controls how long the stream's data is retained. Use

lifecycle.dsl.data_retention (e.g. "30d") for explicit retention, or lifecycle.inherit for child streams. This

is what users usually mean when they ask to "set retention", "update retention", or "change the stream's retention".

  • Failure store lifecycle (ingest.failure_store.lifecycle) — Controls retention of failed documents only

(documents that did not process successfully). Users rarely need to change this unless they explicitly mention the

failure store or failed-document retention.

When a user asks to set or update retention, target the stream's main lifecycle (lifecycle.dsl.data_retention),

not the failure store, unless they specifically ask about failure store or failed documents.

Examples

List streams

curl -X GET "${KIBANA_URL}/api/streams" \

  -H "Authorization: ApiKey <base64-api-key>"

Get a single stream

curl -X GET "${KIBANA_URL}/api/streams/my-stream" \

  -H "Authorization: ApiKey <base64-api-key>"

Get stream queries

curl -X GET "${KIBANA_URL}/api/streams/my-stream/queries" \

  -H "Authorization: ApiKey <base64-api-key>"

Get significant events or attachments

# Significant events

curl -X GET "${KIBANA_URL}/api/streams/my-stream/significant_events" \

  -H "Authorization: ApiKey <base64-api-key>"

# Attachments (dashboards, rules, SLOs linked to the stream)

curl -X GET "${KIBANA_URL}/api/streams/my-stream/attachments" \

  -H "Authorization: ApiKey <base64-api-key>"

Disable, enable, or resync streams

# Disable streams (request body per API docs) — deletes wired stream data; warn and confirm before proceeding

curl -X POST "${KIBANA_URL}/api/streams/_disable" \

  -H "Authorization: ApiKey <base64-api-key>" \

  -H "kbn-xsrf: true" \

  -H "Content-Type: application/json" \

  -d '{}'

# Enable streams

curl -X POST "${KIBANA_URL}/api/streams/_enable" \

  -H "Authorization: ApiKey <base64-api-key>" \

  -H "kbn-xsrf: true" \

  -H "Content-Type: application/json" \

  -d '{}'

# Resync streams

curl -X POST "${KIBANA_URL}/api/streams/_resync" \

  -H "Authorization: ApiKey <base64-api-key>" \

  -H "kbn-xsrf: true" \

  -H "Content-Type: application/json" \

  -d '{}'

Check the Streams API operation pages for

request/response bodies (e.g. request body for _disable/_enable/_resync if required).

Guidelines

  • When the user asks to set or update retention, assume they mean the stream's data retention

(ingest.lifecycle / lifecycle.dsl.data_retention). Do not change only the failure store retention unless they

explicitly ask about the failure store or failed documents.

  • Other mutating operations (create, update, delete, fork, bulk query management, attachment management, and more) are

not supported by this skill. See references/streams-api-reference.md for the

full list of deferred operations.

  • Disabling streams can lead to data loss for wired streams. The disable API deletes wired stream data (classic

stream data is preserved). Before calling disable, warn the user and confirm they understand the risk (and have backed

up or no longer need the data).

  • Prefer read operations when the user only needs to inspect stream state; use lifecycle APIs when they need to enable,

disable, or resync streams.

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

azure-kusto
3/3

Execute KQL queries and analyze data in Azure Data Explorer for log analytics, telemetry, and time series insights. Execute KQL queries against massive datasets with sub-second performance, including filtering, aggregation, time series analysis, and cross-table joins Discover and explore cluster resources, databases, and table schemas to understand your data model before querying Supports five core query patterns: basic retrieval, aggregation analysis, time series analytics, join-based correlation, and schema discovery Built-in fallback to Azure CLI commands when MCP tools timeout or encounter connection errors

Verified authormicrosoft
SKILLS.SH
307K1.1K
2026-05-22
azure-cost-optimization
3/3

Identify cost savings across Azure subscriptions through resource analysis, utilization metrics, and actionable optimization recommendations. Discovers orphaned resources (unattached disks, unused NICs, idle gateways) and over-provisioned services using Azure Quick Review Queries actual costs from Azure Cost Management API and utilization data from Azure Monitor to support rightsizing recommendations Generates prioritized optimization reports with estimated savings, implementation commands, and Azure Portal links for each resource Includes specialized Redis cost optimization analysis with subscription filtering and pre-built report templates Requires Cost Management Reader, Monitoring Reader, and Reader roles; validates prerequisites before analysis begins

Verified authormicrosoft
SKILLS.SH
180K1.1K
2026-05-22
lark-workflow-standup-report
3/3

日程待办摘要:编排 calendar +agenda 和 task +get-my-tasks,生成指定日期的日程与未完成任务摘要。适用于了解今天/明天/本周的安排。

larksuite
SKILLS.SH
139K12.3K
2026-05-22
azure-cost
3/3

Unified Azure cost management: query historical costs, forecast future spending, and optimize to reduce waste. WHEN: \&quot;Azure costs\&quot;, \&quot;Azure spending\&quot;,…

Verified authormicrosoft
SKILLS.SH
128K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card