I'm using Filebeat 7.3.1 with Elastic Cloud 7.3.0 and the Authentications pane (in SIEM app) is empty (despite being able to view them in Discover / filebeat index.
When I inspect the response in the SIEM app I get :
type": "illegal_argument_exception", "reason": "Fielddata is disabled on text fields by default
The index template is loaded so not sure why this is happening? Same is happening on Auditbeat