The Scenario
Your team triaged 25 alerts overnight. They're sitting in a Google Sheet — each row has a title, severity, description, and the assignee's name. Your job this morning is to get each one into Kibana as a case so the investigation tracking can start.
The Kibana Cases UI is not built for bulk entry. You open a new case. You type the title. You select the severity. You paste the description. You assign it. You click create. You open the next one.
The bad version:
- Work through all 25 rows manually in the Kibana UI, one case creation form at a time.
- Mistype an assignee name on row 14, create the case anyway, and have to go back and reassign it.
- Finish after 40 minutes, realize two rows were skipped because you lost your place, and create those manually.
Twenty-five alerts this morning. Forty next week if a new threat campaign comes in. The math on that doesn't improve.
The Easy Way: One Prompt in SheetXAI
SheetXAI is an AI agent that lives inside your Google Sheet. It reads your alert rows and uses Kibana's Cases API to create each case, then writes the returned case IDs back into the sheet so you have a complete audit trail.
Create a Kibana case for every row in this sheet using the title in column A, severity in column B, and description in column C, then write the returned case ID back to column D.
What You Get
- A Kibana case created for each row, matching exactly the title, severity, and description in the sheet
- Case IDs written back to column D as each case is created
- A complete record in the sheet linking your original alert data to the Kibana case ID for follow-up
What If the Data Is Not Quite Ready
Some severity values are in the wrong format
Your sheet has "HIGH" in all caps, but Kibana's API expects "high" in lowercase:
Before creating cases, normalize the values in column B to lowercase (high, medium, low, critical), then create a Kibana case for each row using column A for the title, column B for severity, and column C for the description, writing case IDs to column D.
You want to pull open high-severity cases back into the sheet for a morning briefing
After cases are created, you want a live view of what's outstanding:
Fetch all open Kibana cases with severity 'high' or 'critical' and paste their case ID, title, severity, assignees, and creation date into this sheet for a morning triage briefing.
Some rows are missing descriptions
The overnight triage was fast and a few description cells are blank:
Create Kibana cases for every row in this sheet that has a non-empty value in column C. Skip rows where column C is blank. Write the returned case ID to column D for each case created, and write 'Skipped - no description' to column D for any row that was skipped.
Clean the sheet, create the cases, and pull confirmation data back in one shot
Normalize column B values to lowercase, skip any rows missing a title in column A or a description in column C, create a Kibana case for each qualifying row using the title in column A, severity in column B, description in column C, and assignee in column E, then write the returned case ID and creation timestamp back to columns F and G respectively.
The pattern: data cleanup and case creation in a single instruction — no intermediate step where you clean the sheet first, then run the bulk create.
Try It
Get the 7-day free trial of SheetXAI and open any sheet where your team is tracking triaged alerts or incident queues, then ask it to bulk-create the Kibana cases and write the IDs back. You can also look at Audit Kibana Detection Rules Into a Google Sheet or return to the Kibana integration overview.