In the "Alerts" section, in the "Stack by" field, I see many fields other than the one I need (client.ip). How do I add a field to this list?
What version are you on @VellayLoket? Looks like this was changed to a free field selection in 8.1, so from that version forward you can just type whichever field you want.
Added in this PR: [Security Solution] Alerts visualization free field selection by kqualters-elastic · Pull Request #120610 · elastic/kibana · GitHub
Cheers!
Garrett