Failed to fetch rules and timelines: Failed to parse field [filter]: x_content_parse_exception




I am unable to find what went wrong.
Can anyone help me out?

PS: 1) Not able to see pre-configured rules and customised one (for superuser role)
2) No alert is getting triggered

Hey there @aditi_salunke

This appears similar to Detection Custom Rule not working, however you're also experiencing it on the Stack Monitoring page it looks like? Are you seeing this error anywhere else by chance?

Also noted that this occurs when using a user with the superuser role -- can you share the current user's role definition, and any configured document level security options that may be present? Similar type errors can bubble up from ES when there's something wrong with those configurations.

In addition, can you verify the following?

  • What version and type of deployment are you on?
  • Did this start happening after a specific configuration change, or addition of new rules? If so, can you provide more details as to what changes, or the rules in question?

Thanks!
Garrett

Through other conversations this was solved by:

There was a version compatibility issue between Elasticsearch (v12) and Kibana (v10).
Upgrading Kibana solved all the issues.

If you haven't yet, I would recommend keeping those two in sync and this problem should be resolved.
