diff --git a/x-pack/plugins/security_solution/common/search_strategy/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/common/index.ts index d8ef64fe1b5a4..c33c3f9abae6b 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/common/index.ts @@ -10,7 +10,6 @@ export type { SortField, TimerangeInput, PaginationInputPaginated, - DocValueFields, CursorType, TotalValue, } from '@kbn/timelines-plugin/common'; diff --git a/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts b/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts index 9750fbde2db47..01a1073c0fa71 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts @@ -14,8 +14,4 @@ export type { BrowserField, BrowserFields, } from '@kbn/timelines-plugin/common'; -export { - EMPTY_BROWSER_FIELDS, - EMPTY_DOCVALUE_FIELD, - EMPTY_INDEX_FIELDS, -} from '@kbn/timelines-plugin/common'; +export { EMPTY_BROWSER_FIELDS, EMPTY_INDEX_FIELDS } from '@kbn/timelines-plugin/common'; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts index 43d3d8722e797..dfc26932e8d79 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts @@ -4,7 +4,6 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { IEsSearchRequest } from '@kbn/data-plugin/common'; import type { ESQuery } from '../../typed_json'; import type { 
@@ -120,7 +119,6 @@ export interface RequestBasicOptions extends IEsSearchRequest { timerange: TimerangeInput; filterQuery: ESQuery | string | undefined; defaultIndex: string[]; - docValueFields?: estypes.QueryDslFieldAndFormat[]; factoryQueryType?: FactoryQueryTypes; } diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx index ae214bd201bf5..a7c2075497b5a 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/index.tsx @@ -72,7 +72,6 @@ const HistogramPanel = styled(Panel)<{ height?: number }>` export const MatrixHistogramComponent: React.FC = ({ chartHeight, defaultStackByOption, - docValueFields, endDate, errorMessage, filterQuery, @@ -176,7 +175,6 @@ export const MatrixHistogramComponent: React.FC = stackByField: selectedStackByOption.value, runtimeMappings, isPtrIncluded, - docValueFields, skip: querySkip, }; const [loading, { data, inspect, totalCount, refetch }] = diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts index 9557e2be55742..49ac62cb572e4 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts 
@@ -15,7 +15,6 @@ import type { InputsModelId } from '../../store/inputs/constants'; import type { MatrixHistogramType } from '../../../../common/search_strategy/security_solution'; import type { UpdateDateRange } from '../charts/common'; import type { GlobalTimeArgs } from '../../containers/use_global_time'; -import type { DocValueFields } from '../../../../common/search_strategy'; import type { FieldValueThreshold } from '../../../detections/components/rules/threshold_input'; import type { GetLensAttributes, LensAttributes } from '../visualization_actions/types'; @@ -66,7 +65,6 @@ interface MatrixHistogramBasicProps { } export interface MatrixHistogramQueryProps { - docValueFields?: DocValueFields[]; endDate: string; errorMessage: string; indexNames: string[]; diff --git a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts index 8fef932c991a4..c770713b602b7 100644 --- a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts +++ b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts @@ -6,7 +6,7 @@ */ import deepEqual from 'fast-deep-equal'; -import { getOr, isEmpty, noop } from 'lodash/fp'; +import { getOr, noop } from 'lodash/fp'; import { useCallback, useEffect, useMemo, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; @@ -48,7 +48,6 @@ export interface UseMatrixHistogramArgs { } export const useMatrixHistogram = ({ - docValueFields, endDate, errorMessage, filterQuery, @@ -88,7 +87,6 @@ export const useMatrixHistogram = ({ runtimeMappings, threshold, ...(isPtrIncluded != null ? { isPtrIncluded } : {}), - ...(!isEmpty(docValueFields) ? { docValueFields } : {}), ...(includeMissingData != null ? { includeMissingData } : {}), }); const { addError, addWarning } = useAppToasts(); 
@@ -171,7 +169,6 @@ export const useMatrixHistogram = ({ stackByField, threshold, ...(isPtrIncluded != null ? { isPtrIncluded } : {}), - ...(!isEmpty(docValueFields) ? { docValueFields } : {}), }; if (!deepEqual(prevRequest, myRequest)) { return myRequest; @@ -187,7 +184,6 @@ export const useMatrixHistogram = ({ histogramType, threshold, isPtrIncluded, - docValueFields, ]); useEffect(() => { diff --git a/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx b/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx index 24d58a665177b..40a473de30687 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx @@ -102,7 +102,6 @@ describe('source/index.tsx', () => { expect(payload.id).toEqual('neato'); expect(Object.keys(payload.browserFields)).toHaveLength(12); expect(Object.keys(payload.indexFields)).toHaveLength(mocksSource.indexFields.length); - expect(payload.docValueFields).toEqual([{ field: '@timestamp' }]); }); it('should reuse the result for dataView info when cleanCache not passed', async () => { @@ -120,23 +119,18 @@ describe('source/index.tsx', () => { await indexFieldsSearch!({ dataViewId: 'neato' }); const { - payload: { browserFields, indexFields, docValueFields }, + payload: { browserFields, indexFields }, } = mockDispatch.mock.calls[1][0]; mockDispatch.mockClear(); await indexFieldsSearch!({ dataViewId: 'neato' }); const { - payload: { - browserFields: newBrowserFields, - indexFields: newIndexFields, - docValueFields: newDocValueFields, - }, + payload: { browserFields: newBrowserFields, indexFields: newIndexFields }, } = mockDispatch.mock.calls[1][0]; expect(browserFields).toBe(newBrowserFields); expect(indexFields).toBe(newIndexFields); - expect(docValueFields).toBe(newDocValueFields); }); it('should not reuse the result for dataView info when cleanCache passed', async () => { 
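Review bot: Nothing in the "should reuse the result" test (or in the `cleanCache` test in the next hunk, `@@ -154,23 +148,18`) now pins that the dispatched payload is free of `docValueFields`; the old assertions were dropped and no negative check replaces them. Elsewhere in this commit that array was a client-built field list placed into search requests, so a regression guard is worth adding: `expect(mockDispatch.mock.calls[1][0].payload).not.toHaveProperty('docValueFields');`. The first test of the file (hunk `@@ -102,7 +102,6`) already has `payload` in scope and could carry the same check as `expect(payload).not.toHaveProperty('docValueFields');`. Both test bodies start above their hunks, so confirm that call index 1 is still the data-view payload.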
@@ -154,23 +148,18 @@ describe('source/index.tsx', () => { await indexFieldsSearch!({ dataViewId: 'neato' }); const { - payload: { browserFields, indexFields, docValueFields }, + payload: { browserFields, indexFields }, } = mockDispatch.mock.calls[1][0]; mockDispatch.mockClear(); await indexFieldsSearch!({ dataViewId: 'neato', cleanCache: true }); const { - payload: { - browserFields: newBrowserFields, - indexFields: newIndexFields, - docValueFields: newDocValueFields, - }, + payload: { browserFields: newBrowserFields, indexFields: newIndexFields }, } = mockDispatch.mock.calls[1][0]; expect(browserFields).not.toBe(newBrowserFields); expect(indexFields).not.toBe(newIndexFields); - expect(docValueFields).not.toBe(newDocValueFields); }); }); }); diff --git a/x-pack/plugins/security_solution/public/common/containers/source/index.tsx b/x-pack/plugins/security_solution/public/common/containers/source/index.tsx index 68beb34712a6e..7f420fbf085da 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/index.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/source/index.tsx @@ -15,7 +15,6 @@ import { Subscription } from 'rxjs'; import type { BrowserField, BrowserFields, - DocValueFields, IndexField, IndexFieldsStrategyRequest, IndexFieldsStrategyResponse, @@ -26,7 +25,7 @@ import * as i18n from './translations'; import { useAppToasts } from '../../hooks/use_app_toasts'; import { getDataViewStateFromIndexFields } from './use_data_view'; -export type { BrowserField, BrowserFields, DocValueFields }; +export type { BrowserField, BrowserFields }; export function getAllBrowserFields(browserFields: BrowserFields): Array> { const result: Array> = []; 
@@ -86,11 +85,8 @@ export const getBrowserFields = memoizeOne( const DEFAULT_BROWSER_FIELDS = {}; const DEFAULT_INDEX_PATTERNS = { fields: [], title: '' }; -const DEFAULT_DOC_VALUE_FIELDS: DocValueFields[] = []; - interface FetchIndexReturn { browserFields: BrowserFields; - docValueFields: DocValueFields[]; indexes: string[]; indexExists: boolean; indexPatterns: DataViewBase; @@ -112,7 +108,6 @@ export const useFetchIndex = ( const [state, setState] = useState({ browserFields: DEFAULT_BROWSER_FIELDS, - docValueFields: DEFAULT_DOC_VALUE_FIELDS, indexes: indexNames, indexExists: true, indexPatterns: DEFAULT_INDEX_PATTERNS, @@ -140,14 +135,13 @@ export const useFetchIndex = ( const stringifyIndices = response.indicesExist.sort().join(); previousIndexesName.current = response.indicesExist; - const { browserFields, docValueFields } = getDataViewStateFromIndexFields( + const { browserFields } = getDataViewStateFromIndexFields( stringifyIndices, response.indexFields ); setLoading(false); setState({ browserFields, - docValueFields, indexes: response.indicesExist, indexExists: response.indicesExist.length > 0, indexPatterns: getIndexFields(stringifyIndices, response.indexFields), diff --git a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts index 607225ff62e57..956275d43bac7 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts +++ b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts @@ -7,7 +7,6 @@ import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { DEFAULT_INDEX_PATTERN } from '../../../../common/constants'; -import type { DocValueFields } from '../../../../common/search_strategy'; import type { BrowserFields } from '../../../../common/search_strategy/index_fields'; export const mocksSource = { 
@@ -957,17 +956,6 @@ export const mockBrowserFields: BrowserFields = { }, }; -export const mockDocValueFields: DocValueFields[] = [ - { - field: '@timestamp', - format: 'date_time', - }, - { - field: 'event.end', - format: 'date_time', - }, -]; - export const mockRuntimeMappings: MappingRuntimeFields = { '@a.runtime.field': { script: { diff --git a/x-pack/plugins/security_solution/public/common/containers/source/use_data_view.tsx b/x-pack/plugins/security_solution/public/common/containers/source/use_data_view.tsx index 49cf89e0de1b0..51ad895b56f0c 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/use_data_view.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/source/use_data_view.tsx @@ -12,7 +12,6 @@ import memoizeOne from 'memoize-one'; import { omit, pick } from 'lodash/fp'; import type { BrowserField, - DocValueFields, IndexField, IndexFieldsStrategyRequest, IndexFieldsStrategyResponse, @@ -40,7 +39,6 @@ type DangerCastForBrowserFieldsMutation = Record< >; interface DataViewInfo { browserFields: DangerCastForBrowserFieldsMutation; - docValueFields: DocValueFields[]; indexFields: FieldSpec[]; } @@ -69,17 +67,10 @@ export const getDataViewStateFromIndexFields = memoizeOne( pick(['name', 'searchable', 'type', 'aggregatable', 'esTypes', 'subType'], field) ); - // mutate docValueFields - if (field.readFromDocValues && acc.docValueFields.length < 100) { - acc.docValueFields.push({ - field: field.name, - }); - } return acc; }, { browserFields: {}, - docValueFields: [], indexFields: [], } ); diff --git a/x-pack/plugins/security_solution/public/common/containers/sourcerer/index.tsx b/x-pack/plugins/security_solution/public/common/containers/sourcerer/index.tsx index effd5196dd9bc..6db7392b596b7 100644 --- a/x-pack/plugins/security_solution/public/common/containers/sourcerer/index.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/sourcerer/index.tsx 
@@ -408,7 +408,6 @@ export const useSourcererDataView = ( () => ({ browserFields: sourcererDataView.browserFields, dataViewId: sourcererDataView.id, - docValueFields: sourcererDataView.docValueFields, indexPattern: { fields: sourcererDataView.indexFields, title: selectedPatterns.join(','), diff --git a/x-pack/plugins/security_solution/public/common/containers/sourcerer/readme.md b/x-pack/plugins/security_solution/public/common/containers/sourcerer/readme.md index d6edb9794dc8b..b8672d7a9edc7 100644 --- a/x-pack/plugins/security_solution/public/common/containers/sourcerer/readme.md +++ b/x-pack/plugins/security_solution/public/common/containers/sourcerer/readme.md @@ -16,7 +16,6 @@ interface SelectedDataView { browserFields: SourcererDataView['browserFields']; dataViewId: string | null; // null if legacy pre-8.0 timeline - docValueFields: SourcererDataView['docValueFields']; /** * DataViewBase with enhanced index fields used in timelines */ diff --git a/x-pack/plugins/security_solution/public/common/mock/global_state.ts b/x-pack/plugins/security_solution/public/common/mock/global_state.ts index 027827474c780..17f5e4d9be8f8 100644 --- a/x-pack/plugins/security_solution/public/common/mock/global_state.ts +++ b/x-pack/plugins/security_solution/public/common/mock/global_state.ts @@ -34,12 +34,7 @@ import type { ManagementState } from '../../management/types'; import { initialSourcererState, SourcererScopeName } from '../store/sourcerer/model'; import { allowedExperimentalValues } from '../../../common/experimental_features'; import { getScopePatternListSelection } from '../store/sourcerer/helpers'; -import { - mockBrowserFields, - mockDocValueFields, - mockIndexFields, - mockRuntimeMappings, -} from '../containers/source/mock'; +import { mockBrowserFields, mockIndexFields, mockRuntimeMappings } from '../containers/source/mock'; import { usersModel } from '../../users/store'; import { UsersFields } from '../../../common/search_strategy/security_solution/users/common'; 
@@ -49,7 +44,6 @@ export const mockSourcererState = { defaultDataView: { ...initialSourcererState.defaultDataView, browserFields: mockBrowserFields, - docValueFields: mockDocValueFields, id: DEFAULT_DATA_VIEW_ID, indexFields: mockIndexFields, loading: false, diff --git a/x-pack/plugins/security_solution/public/common/store/sourcerer/actions.ts b/x-pack/plugins/security_solution/public/common/store/sourcerer/actions.ts index 2abd8a7a50919..f452d34cba310 100644 --- a/x-pack/plugins/security_solution/public/common/store/sourcerer/actions.ts +++ b/x-pack/plugins/security_solution/public/common/store/sourcerer/actions.ts @@ -19,7 +19,6 @@ const actionCreator = actionCreatorFactory('x-pack/security_solution/local/sourc export const setDataView = actionCreator<{ browserFields: SourcererDataView['browserFields']; - docValueFields: SourcererDataView['docValueFields']; id: SourcererDataView['id']; indexFields: SourcererDataView['indexFields']; loading: SourcererDataView['loading']; diff --git a/x-pack/plugins/security_solution/public/common/store/sourcerer/model.ts b/x-pack/plugins/security_solution/public/common/store/sourcerer/model.ts index 3b35db56f4d0b..e4d16f2079dba 100644 --- a/x-pack/plugins/security_solution/public/common/store/sourcerer/model.ts +++ b/x-pack/plugins/security_solution/public/common/store/sourcerer/model.ts @@ -6,12 +6,8 @@ */ import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { BrowserFields, DocValueFields } from '@kbn/timelines-plugin/common'; -import { - EMPTY_BROWSER_FIELDS, - EMPTY_DOCVALUE_FIELD, - EMPTY_INDEX_FIELDS, -} from '@kbn/timelines-plugin/common'; +import type { BrowserFields } from '@kbn/timelines-plugin/common'; +import { EMPTY_BROWSER_FIELDS, EMPTY_INDEX_FIELDS } from '@kbn/timelines-plugin/common'; import type { SecuritySolutionDataViewBase } from '../../types'; /** Uniquely identifies a Sourcerer Scope */ export enum SourcererScopeName { 
@@ -64,8 +60,6 @@ export interface SourcererDataView extends KibanaDataView { * category, description, format * indices the field is included in etc*/ browserFields: BrowserFields; - /** query DSL field and format */ - docValueFields: DocValueFields[]; /** comes from dataView.fields.toSpec() */ indexFields: SecuritySolutionDataViewBase['fields']; /** set when data view fields are fetched */ @@ -84,7 +78,6 @@ export interface SourcererDataView extends KibanaDataView { export interface SelectedDataView { browserFields: SourcererDataView['browserFields']; dataViewId: string | null; // null if legacy pre-8.0 timeline - docValueFields: SourcererDataView['docValueFields']; /** * DataViewBase with enhanced index fields used in timelines */ @@ -131,7 +124,6 @@ export const initSourcererScope: Omit = { }; export const initDataView = { browserFields: EMPTY_BROWSER_FIELDS, - docValueFields: EMPTY_DOCVALUE_FIELD, id: '', indexFields: EMPTY_INDEX_FIELDS, loading: false, diff --git a/x-pack/plugins/security_solution/public/common/store/sourcerer/readme.md b/x-pack/plugins/security_solution/public/common/store/sourcerer/readme.md index 6dbc8f5ad817c..28059371804c9 100644 --- a/x-pack/plugins/security_solution/public/common/store/sourcerer/readme.md +++ b/x-pack/plugins/security_solution/public/common/store/sourcerer/readme.md @@ -69,7 +69,6 @@ interface SourcererDataView extends KibanaDataView { * indices the field is included in etc*/ browserFields: BrowserFields; /** query DSL field and format */ - docValueFields: DocValueFields[]; /** comes from dataView.fields.toSpec() */ indexFields: SecuritySolutionDataViewBase['fields']; /** set when data view fields are fetched */ diff --git a/x-pack/plugins/security_solution/public/common/utils/alerts.ts b/x-pack/plugins/security_solution/public/common/utils/alerts.ts index 461adbcc6e8c1..e0d497ba9e3f8 100644 --- a/x-pack/plugins/security_solution/public/common/utils/alerts.ts 
+++ b/x-pack/plugins/security_solution/public/common/utils/alerts.ts @@ -9,7 +9,6 @@ import { merge } from '@kbn/std'; import { isPlainObject } from 'lodash'; import type { Ecs } from '@kbn/cases-plugin/common'; -// TODO we need to allow -> docValueFields: [{ field: "@timestamp" }], export const buildAlertsQuery = (alertIds: string[]) => { if (alertIds.length === 0) { return {}; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx index b1c55bdecc52d..f9be710725986 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx @@ -615,7 +615,6 @@ const StepDefineRuleComponent: FC = ({ component={QueryBarDefineRule} componentProps={{ browserFields, - // docValueFields, // runtimeMappings, idAria: 'detectionEngineStepDefineRuleQueryBar', indexPattern, diff --git a/x-pack/plugins/security_solution/public/hosts/containers/hosts/index.tsx b/x-pack/plugins/security_solution/public/hosts/containers/hosts/index.tsx index e6e02c335180c..156af86d9df37 100644 --- a/x-pack/plugins/security_solution/public/hosts/containers/hosts/index.tsx +++ b/x-pack/plugins/security_solution/public/hosts/containers/hosts/index.tsx @@ -17,7 +17,6 @@ import { generateTablePaginationOptions } from '../../../common/components/pagin import type { HostsEdges, PageInfoPaginated, - DocValueFields, HostsRequestOptions, } from '../../../../common/search_strategy'; import { HostsQueries } from '../../../../common/search_strategy'; @@ -44,7 +43,6 @@ export interface HostsArgs { } interface UseAllHost { - docValueFields?: DocValueFields[]; endDate: string; filterQuery?: ESTermQuery | string; indexNames: string[]; 
@@ -54,7 +52,6 @@ interface UseAllHost { } export const useAllHost = ({ - docValueFields, endDate, filterQuery, indexNames, @@ -136,7 +133,6 @@ export const useAllHost = ({ const myRequest = { ...(prevRequest ?? {}), defaultIndex: indexNames, - docValueFields: docValueFields ?? [], factoryQueryType: HostsQueries.hosts, filterQuery: createFilter(filterQuery), pagination: generateTablePaginationOptions(activePage, limit), @@ -155,17 +151,7 @@ export const useAllHost = ({ } return prevRequest; }); - }, [ - activePage, - direction, - docValueFields, - endDate, - filterQuery, - indexNames, - limit, - startDate, - sortField, - ]); + }, [activePage, direction, endDate, filterQuery, indexNames, limit, startDate, sortField]); useEffect(() => { if (!skip && hostsRequest) { diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.test.tsx b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.test.tsx index 34272cd7cbccf..aa260236da39d 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.test.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.test.tsx @@ -17,7 +17,6 @@ const mockUseSearchStrategy = useSearchStrategy as jest.Mock; const mockSearch = jest.fn(); const props = { - docValueFields: [], endDate: '2020-07-08T08:20:18.966Z', id: ID, indexNames: ['auditbeat-*'], diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx index 28dc7e657191c..833efc839b600 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx 
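Review bot: The effect right below the new dependency array still sends `hostsRequest` as assembled from `...(prevRequest ?? {})`, and the only thing that keeps `docValueFields` out of it is that the client no longer sets the key. That removal, like the one from `RequestBasicOptions`, is erased at compile time. The server-side handling is not visible in these hunks, so please confirm the search strategy no longer reads `docValueFields` from the request body or that its request schema rejects unknown keys; otherwise a hand-built request can still supply the list. A short comment above the request object would record the intent, e.g. `// docValueFields is deliberately not sent; the server must not accept it from request bodies`. The same applies to the request objects in `useNetworkDns` and `useTimelineKpis`. The `useAllHost` body starts and ends outside this hunk.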
@@ -15,7 +15,6 @@ import { createFilter } from '../../../common/containers/helpers'; import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers'; import { networkSelectors } from '../../store'; import type { - DocValueFields, NetworkDnsRequestOptions, NetworkDnsEdges, PageInfoPaginated, @@ -41,7 +40,6 @@ export interface NetworkDnsResponse { interface UseNetworkDns { id: string; - docValueFields: DocValueFields[]; indexNames: string[]; filterQuery?: ESTermQuery | string; endDate: string; @@ -50,7 +48,6 @@ interface UseNetworkDns { } export const useNetworkDns = ({ - docValueFields, endDate, filterQuery, id, @@ -119,7 +116,6 @@ export const useNetworkDns = ({ const myRequest = { ...(prevRequest ?? {}), defaultIndex: indexNames, - docValueFields: docValueFields ?? [], isPtrIncluded, factoryQueryType: NetworkQueries.dns, filterQuery: createFilter(filterQuery), @@ -136,17 +132,7 @@ export const useNetworkDns = ({ } return prevRequest; }); - }, [ - activePage, - indexNames, - endDate, - filterQuery, - limit, - startDate, - sort, - isPtrIncluded, - docValueFields, - ]); + }, [activePage, indexNames, endDate, filterQuery, limit, startDate, sort, isPtrIncluded]); useEffect(() => { if (!skip && networkDnsRequest) { diff --git a/x-pack/plugins/security_solution/public/network/pages/navigation/dns_query_tab_body.tsx b/x-pack/plugins/security_solution/public/network/pages/navigation/dns_query_tab_body.tsx index ee423b0343088..54bdb1acd81b6 100644 --- a/x-pack/plugins/security_solution/public/network/pages/navigation/dns_query_tab_body.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/navigation/dns_query_tab_body.tsx @@ -51,7 +51,6 @@ export const histogramConfigs: Omit = { const DnsQueryTabBodyComponent: React.FC = ({ deleteQuery, - docValueFields, endDate, filterQuery, indexNames, 
@@ -82,7 +81,6 @@ const DnsQueryTabBodyComponent: React.FC = ({ loading, { totalCount, networkDns, pageInfo, loadPage, id, inspect, isInspected, refetch }, ] = useNetworkDns({ - docValueFields: docValueFields ?? [], endDate, filterQuery, id: queryId, @@ -109,7 +107,6 @@ const DnsQueryTabBodyComponent: React.FC = ({ ( - ({ - docValueFields, - type, - to, - filterQuery, - isInitializing, - from, - indexPattern, - indexNames, - setQuery, - }) => { + ({ type, to, filterQuery, isInitializing, from, indexPattern, indexNames, setQuery }) => { const networkAnomaliesFilterQuery = { bool: { should: [ @@ -83,7 +73,7 @@ export const NetworkRoutes = React.memo( return ( - + <> diff --git a/x-pack/plugins/security_solution/public/network/pages/navigation/types.ts b/x-pack/plugins/security_solution/public/network/pages/navigation/types.ts index e2b96fce68b6e..941ace5049cdf 100644 --- a/x-pack/plugins/security_solution/public/network/pages/navigation/types.ts +++ b/x-pack/plugins/security_solution/public/network/pages/navigation/types.ts @@ -15,8 +15,6 @@ import type { FlowTargetSourceDest } from '../../../../common/search_strategy/se import type { networkModel } from '../../store'; import type { GlobalTimeArgs } from '../../../common/containers/use_global_time'; -import type { DocValueFields } from '../../../common/containers/source'; - export interface QueryTabBodyProps extends Pick { endDate: string; filterQuery?: string | ESTermQuery; @@ -27,9 +25,7 @@ export interface QueryTabBodyProps extends Pick( [dispatch] ); - const { docValueFields, indicesExist, indexPattern, selectedPatterns } = useSourcererDataView(); + const { indicesExist, indexPattern, selectedPatterns } = useSourcererDataView(); const onSkipFocusBeforeEventsTable = useCallback(() => { containerElement.current 
@@ -214,7 +214,6 @@ const NetworkComponent = React.memo( = ({ timelineId } const TimelineStatusInfo = React.memo(TimelineStatusInfoComponent); const FlyoutHeaderComponent: React.FC = ({ timelineId }) => { - const { selectedPatterns, indexPattern, docValueFields, browserFields } = useSourcererDataView( + const { selectedPatterns, indexPattern, browserFields } = useSourcererDataView( SourcererScopeName.timeline ); const getStartSelector = useMemo(() => startSelector(), []); @@ -409,7 +409,6 @@ const FlyoutHeaderComponent: React.FC = ({ timelineId }) => { const [loading, kpis] = useTimelineKpis({ defaultIndex: selectedPatterns, - docValueFields, timerange, isBlankTimeline, filterQuery: combinedQueries?.filterQuery ?? '', diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.test.tsx index c2036263ec28d..aae85b19bfd05 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.test.tsx @@ -194,7 +194,6 @@ describe('Timeline', () => { test('it does render the timeline table when the source is loading with no events', () => { (useSourcererDataView as jest.Mock).mockReturnValue({ browserFields: {}, - docValueFields: [], loading: true, indexPattern: {}, selectedPatterns: [], diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/index.test.tsx index 292dd5e1a44b9..310849aee4c09 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/index.test.tsx 
@@ -11,7 +11,7 @@ import useResizeObserver from 'use-resize-observer/polyfilled'; import { DragDropContextWrapper } from '../../../common/components/drag_and_drop/drag_drop_context_wrapper'; import '../../../common/mock/match_media'; -import { mockBrowserFields, mockDocValueFields } from '../../../common/containers/source/mock'; +import { mockBrowserFields } from '../../../common/containers/source/mock'; import { TimelineId } from '../../../../common/types/timeline'; import { createSecuritySolutionStorageMock, @@ -94,7 +94,6 @@ jest.mock('../../../common/containers/sourcerer'); const mockDataView = { dataViewId: mockGlobalState.timeline.timelineById.test?.dataViewId, browserFields: mockBrowserFields, - docValueFields: mockDocValueFields, loading: false, indexPattern: mockIndexPattern, pageInfo: { activePage: 0, querySize: 0 }, diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx index 831b8358bad26..c7a30a4f501b8 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx @@ -206,7 +206,6 @@ describe('Timeline', () => { test('it does render the timeline table when the source is loading with no events', () => { (useSourcererDataView as jest.Mock).mockReturnValue({ browserFields: {}, - docValueFields: [], loading: true, indexPattern: {}, selectedPatterns: [], diff --git a/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx b/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx index 5a4a61e809bd1..5bd71f4f7be94 100644 --- a/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx 
@@ -14,7 +14,6 @@ import { isCompleteResponse, isErrorResponse } from '@kbn/data-plugin/public'; import type { inputsModel } from '../../../common/store'; import { useKibana } from '../../../common/lib/kibana'; import type { - DocValueFields, TimelineKpiStrategyRequest, TimelineKpiStrategyResponse, TimerangeInput, @@ -28,14 +27,12 @@ export interface UseTimelineKpiProps { timerange: TimerangeInput; filterQuery?: ESQuery | string | undefined; defaultIndex: string[]; - docValueFields?: DocValueFields[]; isBlankTimeline: boolean; } export const useTimelineKpis = ({ timerange, filterQuery, - docValueFields, defaultIndex, isBlankTimeline, }: UseTimelineKpiProps): [boolean, TimelineKpiStrategyResponse | null] => { @@ -96,7 +93,6 @@ export const useTimelineKpis = ({ setTimelineKpiRequest((prevRequest) => { const myRequest = { ...(prevRequest ?? {}), - docValueFields, defaultIndex, timerange, filterQuery, @@ -107,7 +103,7 @@ export const useTimelineKpis = ({ } return prevRequest; }); - }, [docValueFields, defaultIndex, timerange, filterQuery]); + }, [defaultIndex, timerange, filterQuery]); useEffect(() => { if (!isBlankTimeline) { diff --git a/x-pack/plugins/security_solution/public/users/pages/navigation/all_users_query_tab_body.tsx b/x-pack/plugins/security_solution/public/users/pages/navigation/all_users_query_tab_body.tsx index 0030391a2b54a..7c203d5920706 100644 --- a/x-pack/plugins/security_solution/public/users/pages/navigation/all_users_query_tab_body.tsx +++ b/x-pack/plugins/security_solution/public/users/pages/navigation/all_users_query_tab_body.tsx @@ -32,7 +32,6 @@ export const AllUsersQueryTabBody = ({ setQuery, startDate, type, - docValueFields, deleteQuery, }: UsersComponentsQueryProps) => { const { toggleStatus } = useQueryToggle(QUERY_ID); @@ -70,7 +69,6 @@ export const AllUsersQueryTabBody = ({ search({ filterQuery, defaultIndex: indexNames, - docValueFields, timerange: { interval: '12h', from: startDate, 
@@ -80,18 +78,7 @@ export const AllUsersQueryTabBody = ({ sort, }); } - }, [ - search, - startDate, - endDate, - filterQuery, - indexNames, - querySkip, - docValueFields, - activePage, - limit, - sort, - ]); + }, [search, startDate, endDate, filterQuery, indexNames, querySkip, activePage, limit, sort]); return ( { @@ -47,7 +46,6 @@ export const AuthenticationsQueryTabBody = ({ startDate={startDate} type={type} skip={skip} - docValueFields={docValueFields} userName={userName} /> diff --git a/x-pack/plugins/security_solution/public/users/pages/navigation/types.ts b/x-pack/plugins/security_solution/public/users/pages/navigation/types.ts index aeac9326a1f93..4bc79174beba6 100644 --- a/x-pack/plugins/security_solution/public/users/pages/navigation/types.ts +++ b/x-pack/plugins/security_solution/public/users/pages/navigation/types.ts @@ -4,7 +4,6 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { DocValueFields } from '@kbn/timelines-plugin/common'; import type { UsersTableType, UsersType } from '../../store/model'; import type { GlobalTimeArgs } from '../../../common/containers/use_global_time'; import type { ESTermQuery } from '../../../../common/typed_json'; @@ -22,7 +21,6 @@ export interface QueryTabBodyProps { export type UsersComponentsQueryProps = QueryTabBodyProps & { deleteQuery?: GlobalTimeArgs['deleteQuery']; - docValueFields?: DocValueFields[]; indexNames: string[]; skip: boolean; setQuery: GlobalTimeArgs['setQuery']; diff --git a/x-pack/plugins/security_solution/public/users/pages/types.ts b/x-pack/plugins/security_solution/public/users/pages/types.ts index b7af4c3c54d22..955b565b328a8 100644 --- a/x-pack/plugins/security_solution/public/users/pages/types.ts +++ b/x-pack/plugins/security_solution/public/users/pages/types.ts 
@@ -6,13 +6,11 @@ */ import type { Filter } from '@kbn/es-query'; -import type { DocValueFields } from '@kbn/timelines-plugin/common'; import type { GlobalTimeArgs } from '../../common/containers/use_global_time'; import type { usersModel } from '../store'; export type UsersTabsProps = GlobalTimeArgs & { - docValueFields: DocValueFields[]; filterQuery: string; pageFilters?: Filter[]; indexNames: string[]; diff --git a/x-pack/plugins/security_solution/public/users/pages/users.tsx b/x-pack/plugins/security_solution/public/users/pages/users.tsx index 9d567e7605074..1f87ec55f808d 100644 --- a/x-pack/plugins/security_solution/public/users/pages/users.tsx +++ b/x-pack/plugins/security_solution/public/users/pages/users.tsx @@ -102,7 +102,7 @@ const UsersComponent = () => { return filters; }, [severitySelection, tabName, filters]); - const { docValueFields, indicesExist, indexPattern, selectedPatterns } = useSourcererDataView(); + const { indicesExist, indexPattern, selectedPatterns } = useSourcererDataView(); const [filterQuery, kqlError] = useMemo( () => convertToBuildEsQuery({ @@ -210,7 +210,6 @@ const UsersComponent = () => { String(id) !== ''); +} + +/** + * Returns the resolver fields filter to use in queries to limit the number of fields returned in the + * query response. * @param schema is the node schema information describing how relationships are formed between nodes * in the resolver graph. */ -export function docValueFields(schema: ResolverSchema): Array<{ field: string }> { +export function resolverFields(schema: ResolverSchema): Array<{ field: string }> { const filter = [{ field: '@timestamp' }, { field: schema.id }, { field: schema.parent }]; if (schema.ancestry) { filter.push({ field: schema.ancestry }); 
@@ -40,12 +45,3 @@ export function docValueFields(schema: ResolverSchema): Array<{ field: string }> } return filter; } - -/** - * Returns valid IDs that can be used in a search. - * - * @param ids array of ids - */ -export function validIDs(ids: NodeID[]): NodeID[] { - return ids.filter((id) => String(id) !== ''); -} diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts index 17f083eeca9c1..c547f0a6ada3f 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts @@ -5,8 +5,6 @@ * 2.0. */ -import { isEmpty } from 'lodash/fp'; - import moment from 'moment'; import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy'; @@ -57,7 +55,6 @@ const getHistogramAggregation = ({ from, to }: { from: string; to: string }) => export const buildDnsHistogramQuery = ({ defaultIndex, - docValueFields, filterQuery, isPtrIncluded = false, stackByField = 'dns.question.registered_domain', @@ -81,7 +78,6 @@ export const buildDnsHistogramQuery = ({ index: defaultIndex, ignore_unavailable: true, body: { - ...(!isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), aggregations: { ...getCountAgg(), dns_name_query_count: { diff --git a/x-pack/plugins/timelines/common/index.ts b/x-pack/plugins/timelines/common/index.ts index 86d02d1883314..56ae9344254c2 100644 --- a/x-pack/plugins/timelines/common/index.ts +++ b/x-pack/plugins/timelines/common/index.ts @@ -46,7 +46,6 @@ export type { BrowserField, BrowserFields, CursorType, - DocValueFields, EqlOptionsData, EqlOptionsSelected, FieldsEqlOptions, 
@@ -81,6 +80,5 @@ export { EntityType, LastEventIndexKey, EMPTY_BROWSER_FIELDS, - EMPTY_DOCVALUE_FIELD, EMPTY_INDEX_FIELDS, } from './search_strategy'; diff --git a/x-pack/plugins/timelines/common/search_strategy/common/index.ts b/x-pack/plugins/timelines/common/search_strategy/common/index.ts index 6202e965894f0..63f43c936e77e 100644 --- a/x-pack/plugins/timelines/common/search_strategy/common/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/common/index.ts @@ -52,8 +52,6 @@ export interface PaginationInputPaginated { querySize: number; } -export type DocValueFields = estypes.QueryDslFieldAndFormat; - export interface TimerangeFilter { range: { [timestamp: string]: { diff --git a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts index d14b346290a15..0d227fe595415 100644 --- a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts @@ -10,7 +10,7 @@ import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesW import type { IEsSearchRequest, IEsSearchResponse, FieldSpec } from '@kbn/data-plugin/common'; import type { RuntimeField } from '@kbn/data-views-plugin/common'; -import type { DocValueFields, Maybe } from '../common'; +import type { Maybe } from '../common'; export type BeatFieldsFactoryQueryType = 'beatFields'; @@ -76,5 +76,4 @@ export interface BrowserField { export type BrowserFields = Readonly>>; export const EMPTY_BROWSER_FIELDS = {}; -export const EMPTY_DOCVALUE_FIELD: DocValueFields[] = []; export const EMPTY_INDEX_FIELDS: FieldSpec[] = []; diff --git a/x-pack/plugins/timelines/public/container/source/index.tsx b/x-pack/plugins/timelines/public/container/source/index.tsx index cbe2158784913..dfb995d66be98 100644 --- a/x-pack/plugins/timelines/public/container/source/index.tsx +++ b/x-pack/plugins/timelines/public/container/source/index.tsx 
@@ -20,7 +20,6 @@ import * as i18n from './translations'; import { BrowserField, BrowserFields, - DocValueFields, IndexField, IndexFieldsStrategyRequest, IndexFieldsStrategyResponse, @@ -29,10 +28,8 @@ import { useAppToasts } from '../../hooks/use_app_toasts'; const DEFAULT_BROWSER_FIELDS = {}; const DEFAULT_INDEX_PATTERNS = { fields: [], title: '' }; -const DEFAULT_DOC_VALUE_FIELDS: DocValueFields[] = []; interface FetchIndexReturn { browserFields: BrowserFields; - docValueFields: DocValueFields[]; indexes: string[]; indexExists: boolean; indexPatterns: DataViewBase; @@ -67,26 +64,6 @@ export const getBrowserFields = memoizeOne( (newArgs, lastArgs) => newArgs[0] === lastArgs[0] ); -export const getDocValueFields = memoizeOne( - (_title: string, fields: IndexField[]): DocValueFields[] => - fields && fields.length > 0 - ? fields.reduce((accumulator: DocValueFields[], field: IndexField) => { - if (field.readFromDocValues && accumulator.length < 100) { - return [ - ...accumulator, - { - field: field.name, - format: field.format ? field.format : undefined, - }, - ]; - } - return accumulator; - }, []) - : [], - // Update the value only if _title has changed - (newArgs, lastArgs) => newArgs[0] === lastArgs[0] -); - export const getIndexFields = memoizeOne( (title: string, fields: IndexField[]): DataViewBase => fields && fields.length > 0 @@ -112,7 +89,6 @@ export const useFetchIndex = ( const [state, setState] = useState({ browserFields: DEFAULT_BROWSER_FIELDS, - docValueFields: DEFAULT_DOC_VALUE_FIELDS, indexes: indexNames, indexExists: true, indexPatterns: DEFAULT_INDEX_PATTERNS, @@ -142,7 +118,6 @@ export const useFetchIndex = ( setState({ browserFields: getBrowserFields(stringifyIndices, response.indexFields), - docValueFields: getDocValueFields(stringifyIndices, response.indexFields), indexes: response.indicesExist, indexExists: response.indicesExist.length > 0, indexPatterns: getIndexFields(stringifyIndices, response.indexFields), 
diff --git a/x-pack/plugins/timelines/public/mock/browser_fields.ts b/x-pack/plugins/timelines/public/mock/browser_fields.ts index e38a435d1a4fb..1e6afa11fa138 100644 --- a/x-pack/plugins/timelines/public/mock/browser_fields.ts +++ b/x-pack/plugins/timelines/public/mock/browser_fields.ts @@ -6,7 +6,6 @@ */ import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { DocValueFields } from '../../common/search_strategy'; import type { BrowserFields } from '../../common/search_strategy/index_fields'; const DEFAULT_INDEX_PATTERN = [ @@ -815,17 +814,6 @@ export const mockBrowserFields: BrowserFields = { }, }; -export const mockDocValueFields: DocValueFields[] = [ - { - field: '@timestamp', - format: 'date_time', - }, - { - field: 'event.end', - format: 'date_time', - }, -]; - export const mockRuntimeMappings: MappingRuntimeFields = { '@a.runtime.field': { script: { diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts index fadc295a51a59..c73d36a15d40c 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts @@ -10,7 +10,6 @@ import { buildEqlDsl, parseEqlResponse } from './helpers'; import { eventsResponse, sequenceResponse } from './__mocks__'; const defaultArgs = { defaultIndex: ['logs-endpoint.events*'], - docValueFields: [], runtimeMappings: {}, fieldRequested: [ '@timestamp', diff --git a/x-pack/test/api_integration/apis/security_solution/authentications.ts b/x-pack/test/api_integration/apis/security_solution/authentications.ts index aa098648d86fd..aa54114e04d72 100644 --- a/x-pack/test/api_integration/apis/security_solution/authentications.ts +++ b/x-pack/test/api_integration/apis/security_solution/authentications.ts 
@@ -52,7 +52,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 1, }, defaultIndex: ['auditbeat-*'], - docValueFields: [], stackByField: AuthStackByField.userName, sort: { field: 'timestamp', direction: Direction.asc }, filterQuery: '', @@ -84,7 +83,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 2, }, defaultIndex: ['auditbeat-*'], - docValueFields: [], stackByField: AuthStackByField.userName, sort: { field: 'timestamp', direction: Direction.asc }, filterQuery: '', diff --git a/x-pack/test/api_integration/apis/security_solution/events.ts b/x-pack/test/api_integration/apis/security_solution/events.ts index 0d8ce4d88c30a..c5a4ba97fc478 100644 --- a/x-pack/test/api_integration/apis/security_solution/events.ts +++ b/x-pack/test/api_integration/apis/security_solution/events.ts @@ -14,7 +14,7 @@ import { TimelineEventsAllStrategyResponse, } from '@kbn/security-solution-plugin/common/search_strategy'; import { FtrProviderContext } from '../../ftr_provider_context'; -import { getDocValueFields, getFieldsToRequest, getFilterValue } from './utils'; +import { getFieldsToRequest, getFilterValue } from './utils'; const TO = '3000-01-01T00:00:00.000Z'; const FROM = '2000-01-01T00:00:00.000Z'; @@ -34,7 +34,6 @@ export default function ({ getService }: FtrProviderContext) { const getPostBody = (): JsonObject => ({ defaultIndex: ['auditbeat-*'], - docValueFields: getDocValueFields(), factoryQueryType: TimelineEventsQueries.all, entityType: 'events', fieldRequested: getFieldsToRequest(), diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts index 15ff856b29221..d1ae827c535a3 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts 
@@ -64,7 +64,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -84,7 +83,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -168,7 +166,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['auditbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -188,7 +185,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['auditbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts index 8c9e3e3229585..446797d993294 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts @@ -88,7 +88,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -107,7 +106,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -126,7 +124,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', 
@@ -145,7 +142,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -164,7 +160,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -184,7 +179,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -235,7 +229,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -254,7 +247,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -273,7 +265,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -293,7 +284,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -312,7 +302,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_users.ts b/x-pack/test/api_integration/apis/security_solution/kpi_users.ts index 154321b1b2eef..20861f8856c83 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_users.ts 
+++ b/x-pack/test/api_integration/apis/security_solution/kpi_users.ts @@ -46,7 +46,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['filebeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -86,7 +85,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['auditbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts b/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts index 50722c39476c6..f418536d5d744 100644 --- a/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts +++ b/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts @@ -44,7 +44,6 @@ export default function ({ getService }: FtrProviderContext) { supertest, options: { defaultIndex: ['large_volume_dns_data'], - docValueFields: [], factoryQueryType: MatrixHistogramQuery, histogramType: MatrixHistogramType.dns, filterQuery: diff --git a/x-pack/test/api_integration/apis/security_solution/network_dns.ts b/x-pack/test/api_integration/apis/security_solution/network_dns.ts index ed3be02d8cc29..194394fbe3ae5 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_dns.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_dns.ts @@ -38,7 +38,6 @@ export default function ({ getService }: FtrProviderContext) { supertest, options: { defaultIndex: ['packetbeat-*'], - docValueFields: [], factoryQueryType: NetworkQueries.dns, filterQuery: '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}', @@ -69,7 +68,6 @@ export default function ({ getService }: FtrProviderContext) { ip: '151.205.0.17', defaultIndex: ['packetbeat-*'], factoryQueryType: NetworkQueries.dns, - docValueFields: [], inspect: false, pagination: { activePage: 0, 
diff --git a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts index 783ef2efe907a..4e4d60f437f62 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts @@ -55,7 +55,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -95,7 +94,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -135,7 +133,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -170,7 +167,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/overview_host.ts b/x-pack/test/api_integration/apis/security_solution/overview_host.ts index 3c14b4f91d86c..1cf7e9cc0b598 100644 --- a/x-pack/test/api_integration/apis/security_solution/overview_host.ts +++ b/x-pack/test/api_integration/apis/security_solution/overview_host.ts @@ -59,7 +59,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/overview_network.ts b/x-pack/test/api_integration/apis/security_solution/overview_network.ts index 51398a1e396ec..9fd5b107fa5f2 100644 --- a/x-pack/test/api_integration/apis/security_solution/overview_network.ts 
+++ b/x-pack/test/api_integration/apis/security_solution/overview_network.ts @@ -52,7 +52,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -95,7 +94,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -137,7 +135,6 @@ export default function ({ getService }: FtrProviderContext) { to: TO, from: FROM, }, - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/tls.ts b/x-pack/test/api_integration/apis/security_solution/tls.ts index 5949a3b85c2a7..501cff3b1095d 100644 --- a/x-pack/test/api_integration/apis/security_solution/tls.ts +++ b/x-pack/test/api_integration/apis/security_solution/tls.ts @@ -115,7 +115,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 10, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -145,7 +144,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 10, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -184,7 +182,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 10, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -214,7 +211,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 10, }, defaultIndex: ['packetbeat-*'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', 
diff --git a/x-pack/test/api_integration/apis/security_solution/uncommon_processes.ts b/x-pack/test/api_integration/apis/security_solution/uncommon_processes.ts index 0278852b80672..eaacd6edf7e05 100644 --- a/x-pack/test/api_integration/apis/security_solution/uncommon_processes.ts +++ b/x-pack/test/api_integration/apis/security_solution/uncommon_processes.ts @@ -52,7 +52,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 1, }, defaultIndex: ['auditbeat-uncommon-processes'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -79,7 +78,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 2, }, defaultIndex: ['auditbeat-uncommon-processes'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', @@ -108,7 +106,6 @@ export default function ({ getService }: FtrProviderContext) { querySize: 1, }, defaultIndex: ['auditbeat-uncommon-processes'], - docValueFields: [], inspect: false, }, strategy: 'securitySolutionSearchStrategy', diff --git a/x-pack/test/api_integration/apis/security_solution/users.ts b/x-pack/test/api_integration/apis/security_solution/users.ts index f9c0cda614a7f..b04a3595b0a05 100644 --- a/x-pack/test/api_integration/apis/security_solution/users.ts +++ b/x-pack/test/api_integration/apis/security_solution/users.ts @@ -46,7 +46,6 @@ export default function ({ getService }: FtrProviderContext) { from: FROM, }, defaultIndex: ['auditbeat-users'], - docValueFields: [], ip: IP, flowTarget: FlowTarget.destination, sort: { field: NetworkUsersFields.name, direction: Direction.asc }, diff --git a/x-pack/test/api_integration/apis/security_solution/utils.ts b/x-pack/test/api_integration/apis/security_solution/utils.ts index 0c8406480a4fd..f5e65c6da3e7c 100644 --- a/x-pack/test/api_integration/apis/security_solution/utils.ts +++ b/x-pack/test/api_integration/apis/security_solution/utils.ts 
@@ -8,7 +8,7 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { TransportResult } from '@elastic/elasticsearch'; import type { Client } from '@elastic/elasticsearch'; -import { JsonObject, JsonArray } from '@kbn/utility-types'; +import { JsonObject } from '@kbn/utility-types'; export async function getSavedObjectFromES( es: Client, 
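Review bot: The rewritten import in this hunk is still a value import, `import { JsonObject } from '@kbn/utility-types';`, while the three imports directly above it all use `import type`. `JsonObject` is only a type, so `import type { JsonObject } from '@kbn/utility-types';` would match the neighbouring lines and be erased from the emitted code. The rest of utils.ts is outside this hunk, so it is worth confirming that `JsonObject` is still referenced there. The next hunk removes `getDocValueFields`, which is the only use of `JsonArray` visible on this page.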
@@ -102,318 +102,3 @@ export const getFieldsToRequest = (): string[] => [ 'host.os.family', 'event.code', ]; - -/** - * https://www.elastic.co/guide/en/elasticsearch/reference/7.12/search-fields.html#docvalue-fields - * Use the docvalue_fields parameter to get values for selected fields. - * This can be a good choice when returning a fairly small number of fields that support doc values, - * such as keywords and dates. - */ -export const getDocValueFields = (): JsonArray => [ - { - field: '@timestamp', - }, - { - field: 'agent.ephemeral_id', - }, - { - field: 'agent.id', - }, - { - field: 'agent.name', - }, - { - field: 'agent.type', - }, - { - field: 'agent.version', - }, - { - field: 'as.number', - }, - { - field: 'as.organization.name', - }, - { - field: 'client.address', - }, - { - field: 'client.as.number', - }, - { - field: 'client.as.organization.name', - }, - { - field: 'client.bytes', - format: 'bytes', - }, - { - field: 'client.domain', - }, - { - field: 'client.geo.city_name', - }, - { - field: 'client.geo.continent_name', - }, - { - field: 'client.geo.country_iso_code', - }, - { - field: 'client.geo.country_name', - }, - { - field: 'client.geo.location', - }, - { - field: 'client.geo.name', - }, - { - field: 'client.geo.region_iso_code', - }, - { - field: 'client.geo.region_name', - }, - { - field: 'client.ip', - }, - { - field: 'client.mac', - }, - { - field: 'client.nat.ip', - }, - { - field: 'client.nat.port', - format: 'string', - }, - { - field: 'client.packets', - }, - { - field: 'client.port', - format: 'string', - }, - { - field: 'client.registered_domain', - }, - { - field: 'client.top_level_domain', - }, - { - field: 'client.user.domain', - }, - { - field: 'client.user.email', - }, - { - field: 'client.user.full_name', - }, - { - field: 'client.user.group.domain', - }, - { - field: 'client.user.group.id', - }, - { - field: 'client.user.group.name', - }, - { - field: 'client.user.hash', - }, - { - field: 'client.user.id', - }, - { - field: 
'client.user.name', - }, - { - field: 'cloud.account.id', - }, - { - field: 'cloud.availability_zone', - }, - { - field: 'cloud.instance.id', - }, - { - field: 'cloud.instance.name', - }, - { - field: 'cloud.machine.type', - }, - { - field: 'cloud.provider', - }, - { - field: 'cloud.region', - }, - { - field: 'code_signature.exists', - }, - { - field: 'code_signature.status', - }, - { - field: 'code_signature.subject_name', - }, - { - field: 'code_signature.trusted', - }, - { - field: 'code_signature.valid', - }, - { - field: 'container.id', - }, - { - field: 'container.image.name', - }, - { - field: 'container.image.tag', - }, - { - field: 'container.name', - }, - { - field: 'container.runtime', - }, - { - field: 'destination.address', - }, - { - field: 'destination.as.number', - }, - { - field: 'destination.as.organization.name', - }, - { - field: 'destination.bytes', - format: 'bytes', - }, - { - field: 'destination.domain', - }, - { - field: 'destination.geo.city_name', - }, - { - field: 'destination.geo.continent_name', - }, - { - field: 'destination.geo.country_iso_code', - }, - { - field: 'destination.geo.country_name', - }, - { - field: 'destination.geo.location', - }, - { - field: 'destination.geo.name', - }, - { - field: 'destination.geo.region_iso_code', - }, - { - field: 'destination.geo.region_name', - }, - { - field: 'destination.ip', - }, - { - field: 'destination.mac', - }, - { - field: 'destination.nat.ip', - }, - { - field: 'destination.nat.port', - format: 'string', - }, - { - field: 'destination.packets', - }, - { - field: 'destination.port', - format: 'string', - }, - { - field: 'destination.registered_domain', - }, - { - field: 'destination.top_level_domain', - }, - { - field: 'destination.user.domain', - }, - { - field: 'destination.user.email', - }, - { - field: 'destination.user.full_name', - }, - { - field: 'destination.user.group.domain', - }, - { - field: 'destination.user.group.id', - }, - { - field: 'destination.user.group.name', - }, 
- { - field: 'destination.user.hash', - }, - { - field: 'destination.user.id', - }, - { - field: 'destination.user.name', - }, - { - field: 'dll.code_signature.exists', - }, - { - field: 'dll.code_signature.status', - }, - { - field: 'dll.code_signature.subject_name', - }, - { - field: 'dll.code_signature.trusted', - }, - { - field: 'dll.code_signature.valid', - }, - { - field: 'dll.hash.md5', - }, - { - field: 'dll.hash.sha1', - }, - { - field: 'dll.hash.sha256', - }, - { - field: 'dll.hash.sha512', - }, - { - field: 'dll.name', - }, - { - field: 'dll.path', - }, - { - field: 'dll.pe.company', - }, - { - field: 'dll.pe.description', - }, - { - field: 'dll.pe.file_version', - }, - { - field: 'dll.pe.original_file_name', - }, -]; diff --git a/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts b/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts index 828be46bd484a..5ab0bb94d1383 100644 --- a/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts +++ b/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts @@ -69,20 +69,6 @@ export default ({ getService }: FtrProviderContext) => { const getPostBody = (): JsonObject => ({ defaultIndex: ['.alerts-*'], entityType: 'alerts', - docValueFields: [ - { - field: '@timestamp', - }, - { - field: ALERT_RULE_CONSUMER, - }, - { - field: ALERT_UUID, - }, - { - field: 'event.kind', - }, - ], factoryQueryType: TimelineEventsQueries.all, fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_UUID, 'event.kind'], fields: [], diff --git a/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts b/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts index 7b2ea3d2cc1b7..89a5f6d7df442 100644 --- a/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts +++ b/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts 
@@ -78,11 +78,6 @@ export default ({ getService }: FtrProviderContext) => { const getPostBody = (): JsonObject => ({ defaultIndex: ['.alerts-*'], entityType: 'alerts', - docValueFields: [ - { - field: '@timestamp', - }, - ], factoryQueryType: TimelineEventsQueries.all, fieldRequested: ['@timestamp'], fields: [],