The command evebox sqlite dump exports the events back into an eve.json style file, but does not record state such as escalated or archived. This command should save that in the json, in keys under evebox so they can be restored on a load into sqlite or even elastic.
The command
evebox sqlite dumpexports the events back into aneve.jsonstyle file, but does not record state such asescalatedorarchived. This command should save that in thejson, in keys undereveboxso they can be restored on a load into sqlite or even elastic.