IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Import timelines and timeline templatesedit
Imports timelines and timeline templates from an ndjson
file.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
If you are updating an existing timeline template, make sure:
-
You specify the relevant template’s unique ID (
templateTimelineId
). -
You increment the timeline’s version number (
templateTimelineVersion
).
Request URLedit
POST <kibana host>:<port>/api/timeline/_import
The request must include:
-
The
Content-Type: multipart/form-data
HTTP header. - A link to the ndjson file containing the timelines.
For example, using cURL:
curl -X POST "<KibanaURL>/api/timeline/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
Example requestedit
Imports the rules in the timelines_export.ndjson
file:
curl -X POST "api/detection_engine/rules/_import" -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@timelines_export.ndjson"
Response codeedit
-
200
- Indicates a successful call.