Hi All,
I'm trying to filter alerts with KQL using "data_stream.namespace" in Security -> Alerts, but I get no results.
Even using "Group alerts by" with "data_stream.namespace" gives no results.
But the field is visible and populated correctly.
If I run the same query in Analytics -> Discover, I see the logs.
I use version 8.9.2 in the cloud.
Thank you