elasticsearchkibanaelastic-stackelk
Exporting rules to ndjson generates incomplete file
I'm trying to export all the 722 rules into an ndjson file, but the file is incomplete. There are two sets of rule: Elastic rules and Custom rules.
I go to Security > Overview > Rules > Select all 722 rules > Bulk Actions > Export selected.
However, the resulting output contains the following, which is NOT what I need.
Now, when I select the 20 Custom rules, I do get the expect output.
Any idea on how to fix this? Or am I doing something wrong?
Thanks for your help!
Solution
Found a solution to this.
What worked for me was to use a GET request to return all rules in json format
https://<IP address":<port>/api/detection_engine/rules/_find?page=1&per_page=<number of results to include>
All the info is here: https://www.elastic.co/guide/en/security/current/rules-api-find.html
- Can I filter an array in elastic?
- Pyspark Streaming data to Elastic search index from Kafka topic , running in Jupyter notebook, causing failure
- How to move shards around in a cluster
- OData services with Elastic search
- How to query elasticsearch from spring with LocalDate
- Elasticsearch query to get values of multiple attributes
- I want to sort my elastic search aggregation data with most recent login for each user by there name
- bucket_script inside filter aggregation throws error
- Elasticsearch delete_by_query version conflict
- Case insensitive exact match in ElasticSearch
- How do I enable remote access/request in Elasticsearch 2.0?
- Fluent-bit - Splitting json log into structured fields in Elasticsearch
- Elasticsearch Devtools Queries (Regexp/Wildcard) - Not Working
- Elastic Search Analyzer at search time not working
- Elasticsearch 7.2.0: master not discovered or elected yet, an election requires at least X nodes
- Create TermsQuery with List<String> using elasticsearch java api client
- Elasticsearch: Use loop in Painless script
- How can I check nulls in Logstash pipeline in filter plugin?
- How to input a JSON file (array form) in Logstash?
- OpenTelemetry Export to Elastic Search without Elastic APM
- Can't connect to Elasticsearch with Node.Js on Kubernetes (self signed certificate in certificate chain)
- trying to pass params to elasticsearch getting null_pointer_exception
- 'Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes" error when indexing a list of dictionaries
- Regexp filter in Opensearch (or Elasticsearch)
- Shards and replicas in Elasticsearch
- Search document with empty array field, on ElasticSearch
- how to rename an index in a cluster?
- Merge two indices value by a common field in elasticsearch
- Why does Elasticsearch sum score become inaccurate with big numbers?
- How to log using serilog to elasticsearch with Elastic.Serilog.Sinks in .net application