7.9.x greying out disables additional criteria selection

Hi all,

I have been using Elasticsearch for a couple of years now for integration with my SIEM (using Wazuh). This has worked quite well for me as I go through my daily threat hunting activities. I appreciate all of the hard work that goes into the Elastic stack.

A few days ago when I upgraded to 7.9.1 I noticed that behavior changed in my custom dashboard such that a single click of a criterion I am tuning out turns all of the visualizations grey and disables the ability to exclude any additional criteria until the visualizations refresh.

There are many times during my daily threat hunting activities where I click on multiple criteria in quick succession because after a quick glance it becomes clear that those are not relevant or interesting...So this new greying out behavior that disables clicking on any other criteria slows the process down quite a bit.

I saw in another post that there is currently not a way to disable this behavior. Is there a plan to add the option to disable this new behavior? At this point, I have downgraded to 7.8.1 because of how disruptive this was.

Any help would be much appreciated.

I agree that the loss of ability to click multiple new criteria items in prompt succession on a rich dashboard without having to wait for the whole dashboard to re-render between every click, really cramps certain threat hunting work flows. Is or could there be some workaround to this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.