Export rulesedit
Exports rules to an ndjson file.
The Kibana Console supports only Elasticsearch APIs. You cannot interact with the Kibana APIs with the Console and must use curl
or another HTTP tool instead. For more information, refer to Console.
You cannot export prebuilt rules but they are available at https://github.com/elastic/detection-rules/tree/main/rules/.
Request URLedit
POST <kibana host>:<port>/api/detection_engine/rules/_export
URL query parametersedit
Name | Type | Description | Required |
---|---|---|---|
|
Boolean |
Determines whether a summary of the exported rules is returned. |
No, defaults to |
|
String |
File name for saving the exported rules. |
No, defaults to
|
When using cURL to export rules to a file, use the -O
and -J
options
to save the rules to the file name specified in the URL.
Request bodyedit
An optional JSON objects
array containing the rule_id
fields of the rules
you want to export:
Name | Type | Description | Required |
---|---|---|---|
|
String[] |
Array of |
No, exports all rules when unspecified. |
Example requestedit
Exports two rules without details and saves them to the exported_rules.ndjson
file:
POST api/detection_engine/rules/_export?exclude_export_details=true&file_name=exported_rules.ndjson { "objects": [ { "rule_id":"343580b5-c811-447c-8d2d-2ccf052c6900" }, { "rule_id":"2938c9fa-53eb-4c04-b79c-33cbf041b18d" } ] }
Response codeedit
-
200
- Indicates a successful call.