do not use index_patterns: [*], this means that you index pattern will also be applied to the internal elastic indices used by security, alerting and monitoring. Always specify a proper index pattern with a prefix.
1 Like