The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Import timelines and timeline templates
editImport timelines and timeline templates
editImports timelines and timeline templates from an ndjson
file.
If you are updating an existing timeline template, make sure:
-
You specify the relevant template’s unique ID (
templateTimelineId
). -
You increment the timeline’s version number (
templateTimelineVersion
).
Request URL
editPOST <kibana host>:<port>/api/timeline/_import
The request must include:
-
The
Content-Type: multipart/form-data
HTTP header. - A link to the ndjson file containing the timelines.
For example, using cURL:
curl -X POST "<KibanaURL>/api/timeline/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
Example request
editImports the rules in the timelines_export.ndjson
file:
curl -X POST "api/detection_engine/rules/_import" -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@timelines_export.ndjson"
Response code
edit-
200
- Indicates a successful call.