From f3e7adf120baf0d88ed4f04ed451d0cd46633fef Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:59:04 -0500 Subject: [PATCH 1/3] Documents how to change the default security index (#4695) * First draft * incorporates feedback * Update docs/getting-started/data-views-in-sec.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/getting-started/data-views-in-sec.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> (cherry picked from commit 225f3c8d8733403093095daeda9cdcc66d54db08) # Conflicts: # docs/getting-started/data-views-in-sec.asciidoc --- docs/getting-started/data-views-in-sec.asciidoc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 56092e58ab..f19b2655bd 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -18,14 +18,21 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the [discrete] == Create or modify a {data-source} +<<<<<<< HEAD You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced settings*, then adding or removing index patterns. +======= +To learn how to modify the default **Security Default Data View**, refer to <>. + +To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. + +You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns. +>>>>>>> 225f3c8 (Documents how to change the default security index (#4695)) image::images/dataview-filter-example.gif[video showing how to filter the active data view] This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab. -To permanently modify a {data-source}, delete an existing {data-source} or create a new one, you need the required permissions. -To learn more, refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. +NOTE: You cannot update the data view for the Alerts page. It always shows data from `.alerts-security.alerts-default`. [discrete] [[default-data-view-security]] From 5909de17a17026d254a9d209e0764c5341a83651 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:45:15 -0800 Subject: [PATCH 2/3] Update docs/getting-started/data-views-in-sec.asciidoc --- docs/getting-started/data-views-in-sec.asciidoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index f19b2655bd..9a68681d5b 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -18,9 +18,6 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the [discrete] == Create or modify a {data-source} -<<<<<<< HEAD -You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced settings*, then adding or removing index patterns. -======= To learn how to modify the default **Security Default Data View**, refer to <>. To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. From 829469b60507b92d1e261a4473aa40f9942a3406 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:45:26 -0800 Subject: [PATCH 3/3] Update docs/getting-started/data-views-in-sec.asciidoc --- docs/getting-started/data-views-in-sec.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 9a68681d5b..50d4248761 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -23,7 +23,6 @@ To learn how to modify the default **Security Default Data View**, refer to <>>>>>> 225f3c8 (Documents how to change the default security index (#4695)) image::images/dataview-filter-example.gif[video showing how to filter the active data view]