How to change change Kibana saved search (Discover) with a REST request?

Question

我有用于搜索Kibana中特定事件的查询，该查询与其他搜索一起保存，是否可以通过REST调用以编程方式更改它？

Answer 1

Everything is stored in .kibana index and you can update your settings by a put request into elasticsearch but it's not recommended.
You can edit your saved search in kibana/settings/objects .

Answer 2

As @Mohammad said, All metadata related to Kibana is stored under .kibana index in elasticsearch cluster. All searches, visualization, dashboards are stored in their respective types in .kibana index. eg searches are stored under search type in .kibana index.

Get all searches by executing following command:

GET /.kibana/search/_search
{
  "query": {
    "match_all": {}
  }
}

Retrieve search-id for which you want to update the query from the above results.

Now you can update that specific search document by using _update API as shown below:

POST /.kibana/search/<search-id>/_update
{
   "doc" : {
      "kibanaSavedObjectMeta":{ "searchSourceJSON": """{"index":"test-*","query":{"query_string":{"query":"id:2","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}"""
   }
   }
}

Consider the following warning message from Kibana if you are not advanced user:

Proceed with caution!

Modifying objects is for advanced users only. Object properties are not validated and invalid objects could cause errors, data loss, or worse. Unless someone with intimate knowledge of the code told you to be in here, you probably shouldn't be.