IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Delete Timelines or Timeline templates Cases API »
Elastic Docs Elastic Security Solution [8.2] Elastic Security APIs Timeline API

Import timelines and timeline templates

edit

Import timelines and timeline templates

edit

Imports timelines and timeline templates from an ndjson file.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

If you are updating an existing timeline template, make sure:

  • You specify the relevant template’s unique ID (templateTimelineId).
  • You increment the timeline’s version number (templateTimelineVersion).

Request URL

edit

POST <kibana host>:<port>/api/timeline/_import

The request must include:

  • The Content-Type: multipart/form-data HTTP header.
  • A link to the ndjson file containing the timelines.

For example, using cURL:

curl -X POST "<KibanaURL>/api/timeline/_import"
-u <username>:<password> -H 'kbn-xsrf: true'
-H 'Content-Type: multipart/form-data'
--form "file=@<link to file>"

The relative link to the ndjson file containing the timelines.

Example request

edit

Imports the rules in the timelines_export.ndjson file:

curl -X POST "api/detection_engine/rules/_import"
-H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data'
--form "file=@timelines_export.ndjson"

Response code

edit
200
Indicates a successful call.
« Delete Timelines or Timeline templates Cases API »