So I reindexed one of my ".kibana" indices to a new index called "kibana-detections", as shown below:
POST _reindex
{
  "source": {
    "index": ".kibana",
    "query": {
      "bool": {
        "must": [],
        "filter": [
          {
            "match_all": {}
          },
          {
            "exists": {
              "field": "alert.name.keyword"
            }
          }
        ],
        "should": [],
        "must_not": []
      }
    }
  },
  "dest": {
    "index": "kibana-detections",
    "version_type": "external"
  }
}
So my "kibana-detections" index currently stores the copied Rules that are in Elastic Security from the ".kibana" index. The problem is that now, when I add new Rules to Elastic Security, the Rules in the "kibana-detections" index are not updated; only the non-updated/old data is reflected.
The question is: how do I update/refresh the "kibana-detections" index to have the data update periodically (i.e. update every 5 mins)? Do I have to keep deleting the old reindexed index and then reindex it again every single time a new Rule is added in Elastic Security?