Hello
I am using Docker ELK and I keep Elasticsearch data permanently by using the following in my .yml:

```yaml
volumes:
  - /path/to/storage:/usr/share/elasticsearch/data
```
But how can I save my EQL and KQL rules in the Security application?
Where can I find this folder?
Am I missing something?
Thanks in advance
Hi @Dalador. According to the docs, if you export your rules, you can specify a file to store them in, in .ndjson format. Once exported, you'll be able to import them again at a later stage.
I'm not sure what the default folder is for Docker, or if there is one, but you could also configure a repository to store cluster snapshots in. Snapshots are a convenient way to back up your data in the event that your cluster goes down (either intentionally or otherwise).
I hope that helps a bit.
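As an added example (not part of the thread and not Elastic's own tooling), the script below automates the .ndjson route from the reply: it pulls the custom detection rules out of Kibana with the export API, then runs a few integrity checks a backup job should fail on before the file is written, so that a truncated or duplicated export is noticed before the rules are needed. Assumed, not taken from the thread: Kibana at http://localhost:5601 with basic auth elastic/changeme, the endpoint POST /api/detection_engine/rules/_export, and the trailing export-details line keyed by exported_count. The sample export at the bottom is constructed for the check, not a real export.

```python
"""Back up Kibana Security detection rules as .ndjson and sanity-check the export.

Added example; not part of the original thread or of Elastic's own tooling.
Assumptions: Kibana at http://localhost:5601 with basic auth elastic/changeme
(an API key would be the better choice in practice).
"""
import base64
import json
import urllib.request

KIBANA_URL = "http://localhost:5601"   # assumed
KIBANA_AUTH = ("elastic", "changeme")  # assumed
REQUIRED = ("rule_id", "name", "type")  # fields every exported rule carries


def export_rules(kibana_url: str = KIBANA_URL, auth=KIBANA_AUTH) -> str:
    """Call the detection-engine export API and return the raw .ndjson text."""
    token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
    req = urllib.request.Request(
        f"{kibana_url}/api/detection_engine/rules/_export?exclude_export_details=false",
        data=b"",  # empty body exports every custom rule
        method="POST",
        headers={"kbn-xsrf": "true",  # Kibana rejects writes without this header
                 "Content-Type": "application/json",
                 "Authorization": "Basic " + token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def split_export(ndjson_text: str):
    """Split an export into (rules, summary). A rule line always has a rule_id;
    the summary is the export-details line Kibana appends at the end."""
    rules, summary = [], None
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        if "rule_id" in obj:
            rules.append(obj)
        elif "exported_count" in obj:
            summary = obj
        else:
            raise ValueError(f"unrecognised line in export: {line[:80]}")
    return rules, summary


def check_export(ndjson_text: str) -> dict:
    """Checks a backup job should fail on: required fields present, query rules
    actually carry a query, rule_ids unique, count matches the summary line."""
    rules, summary = split_export(ndjson_text)
    problems = []
    for r in rules:
        missing = [f for f in REQUIRED if f not in r]
        if missing:
            problems.append(f"{r.get('rule_id', '?')}: missing {missing}")
        if r.get("type") in ("query", "eql", "threshold") and "query" not in r:
            problems.append(f"{r['rule_id']}: {r['type']} rule without a query")
    ids = [r["rule_id"] for r in rules]
    if len(ids) != len(set(ids)):
        problems.append("duplicate rule_id in export")
    if summary is not None and summary.get("exported_count") != len(rules):
        problems.append(f"summary says {summary.get('exported_count')} rules, file has {len(rules)}")
    return {"rules": len(rules),
            "enabled": sum(1 for r in rules if r.get("enabled")),
            "problems": problems}


# Constructed sample export (two rules plus the export-details line), for offline use.
SAMPLE_EXPORT = "\n".join([
    json.dumps({"rule_id": "a1", "name": "curl to pastebin", "type": "query", "language": "kuery",
                "query": 'process.name:curl and destination.domain:"pastebin.com"', "enabled": True}),
    json.dumps({"rule_id": "b2", "name": "Office spawning shell", "type": "eql", "language": "eql",
                "query": 'process where process.parent.name == "WINWORD.EXE" and process.name == "cmd.exe"',
                "enabled": False}),
    json.dumps({"exported_count": 2, "missing_rules": [], "missing_rules_count": 0}),
])


if __name__ == "__main__":
    text = export_rules()
    report = check_export(text)
    if report["problems"]:
        raise SystemExit("export looks broken: " + "; ".join(report["problems"]))
    with open("detection_rules.ndjson", "w", encoding="utf-8") as fh:
        fh.write(text)
    print(f"saved {report['rules']} rules ({report['enabled']} enabled)")
```

Run it on a schedule and keep the .ndjson next to the Elasticsearch volume from the question; restoring is the same file posted to the import API (POST /api/detection_engine/rules/_import, multipart field `file`). For the snapshot route from the reply, the repository path has to be listed in `path.repo` in elasticsearch.yml and mounted into the container the same way the data directory is, otherwise the repository registration fails.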