Hi, I would like to create a dashboard with the data from elastic alerting.
According to this documentation page the data is visible under .internal-alerts-* indices
I can see those in index management
ex. .internal.alerts-default.alerts-default-000001
But I can’t make a dataview covering these indices is there a way to do this or is this not supported?
Found the solution I had to enable system and hidden indices when creating the dataview under advanced settings
Hey @Maretti!
As the documentation explains, alert indices are system/hidden indices, so use with caution! I’d suggest using the .alerts-* aliases instead of the corresponding .internal.alerts-* indices directly. If you need to query specific rule types, you can do so using the kibana.alert.rule.rule_type_id field in alert documents.
However if you only need to display alerts in your dashboards without complex queries, consider using the Alerts panel: it displays an alerts table you can filter by Solution, rule type and rule tags.
Hope this helps! 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.