Endpoint security rules

Running 7.11 in Elastic Cloud with the endpoint agent, and noticed all endpoint security rules are failing due to:

The following index patterns did not match any indices: ["endgame-*"]

I do not have these indices; should I have them?

If you don't have endpoint data, you can safely turn it off. Later, if you deploy endpoint agents/data, you can turn it back on. We're discussing probably not making this a hard error for when the index is not present.

I have deployed the endpoint agent on Linux and a few Windows nodes though, shouldn't I have some data?

I would check your indexes and data directly to see where they are at. That error could have been from earlier when you first deployed, possibly when the data wasn't there yet.

Hmm. The agents have been running for about a week now, so I would have thought there would be some data.
