Hello
I am using Docker ELK and I keep Elasticsearch data permanently by using the following on .yml
volumes:
But how can i save my EQL, KQL rules in security application?
Where can i find this folder?
Do I miss something?
Thanks in advance
Hi @Dalador According to the docs, if you export your rules, you can specify a file to store them to in .ndjson format. Once exported, you'll be able to import them again at a later stage.
I'm not sure what the default folder is for Docker or if there is one but you could also configure a repository to store cluster snapshots in. Snapshots are a convenient way to backup your data in the event that your cluster goes down (ether intentionally or otherwise).
I hope that helps a bit.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.