Hi,
I am trying to create a custom query detection rule in kibana 7.16, the query is as simple as this:
dstcountry.keyword : "Spain"
when i click on preview results it returns 0 hits, but in the discover i get almost 10000 hits. what can it be due to?
Thanks in advance.
Are you sure you set up correctly the indices and time field? Just checked (on 8.4.3) and it works as expected.
Have you tried using KQL instead?, it asks for a data view (index pattern) so the time field is already defined for you.
I had misconfigured the rule, thanks anyway.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.