Home > Blockchain >  Exporting rules to ndjson generates incomplete file
Exporting rules to ndjson generates incomplete file

Time:11-10

I'm trying to export all the 722 rules into an ndjson file, but the file is incomplete. There are two sets of rule: Elastic rules and Custom rules.

I go to Security > Overview > Rules > Select all 722 rules > Bulk Actions > Export selected.

enter image description here

However, the resulting output contains the following, which is NOT what I need.

enter image description here

Now, when I select the 20 Custom rules, I do get the expect output. enter image description here

Any idea on how to fix this? Or am I doing something wrong?

Thanks for your help!

CodePudding user response:

It is an ongoing issue I think.

CodePudding user response:

Found a solution to this.

What worked for me was to use a GET request to return all rules in json format

https://<IP address":<port>5601/api/detection_engine/rules/_find?page=1&per_page=<number of results to include>

All the info is here: https://www.elastic.co/guide/en/security/current/rules-api-find.html

Page link:https//www.codepudding.com/Blockchain/604754.html

Prev:ES7 Update new completion with context field based on indexed values for every document using Update
Next:Don't understand why changing pointer of one variable affects the variable it's copied fro
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding