Filter Alerts by data_stream.namespace

DVCS · September 21, 2023, 8:56am

Hi All,
I'm trying to filter alerts with KQL using "data_stream.namespace" in Security -> Alerts but no results.
Even using "Group alerts by" with "data_stream.namespace" gives no result.
But the field is visible and populated correctly.
If I run the same query on Analytics -> Discover I see the logs.

I use version 8.9.2 in the cloud.

Thank you

system · October 19, 2023, 8:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Data_stream.namespace in subject for Jira Action Elastic Security	2	221	December 26, 2023
How to get context Alert Data in SUBJECT of Security Alert SIEM Endpoint Security elastic-stack-alerting	3	832	September 27, 2022
Alerting - Filter Query not working Kibana elastic-stack-alerting	3	6	November 15, 2024
Data_stream_namespace ignored? Logstash datastreams	1	312	April 28, 2022
Alert Rules - doesn't seem to process query Kibana infrastructure-observability	2	27	October 26, 2024

Filter Alerts by data_stream.namespace

Related topics