Hi,
I have duplicated the "Potential Disabling of SELinux" rule, exported it and imported it again to add my custom index pattern (selinux_index) by editing the NDJSON file. However, I am getting the following warning and nothing is getting detected:
The following indices are missing the timestamp override field "event.ingested": ["selinux_index"]
How can I solve this issue?
Thanks in advance