Hello, when I create an Indicator Match detection rule using an uploaded value list (following instructions from Create a detection rule | Elastic Security Solution [8.11] | Elastic), the rule fails to execute with the following error:
An error occurred during rule execution: message: "search_phase_execution_exception: [query_shard_exception] Reason: No mapping found for [@timestamp] in order to sort on"
The Data View I am searching on does have a @timestamp field, but I noticed that the .items-* indices do not. I believe these rules worked for me without issue in version 8.5.0.