From 760e85e4fb6d365b9c629e39c4d8691f13113037 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 26 Jan 2024 13:38:47 -0800 Subject: [PATCH 1/4] First draft --- docs/getting-started/data-views-in-sec.asciidoc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index b4462c83d1..4381eb4710 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -18,15 +18,16 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the [discrete] == Create or modify a {data-source} -You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns. +To learn how to permanently modify the default "Security Data View", refer to <>. + +To learn how to permanently modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. + +You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns. image::images/dataview-filter-example.gif[video showing how to filter the active data view] This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab. -To permanently modify a {data-source}, delete an existing {data-source} or create a new one, you need the required permissions. -To learn more, refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. - [discrete] [[default-data-view-security]] == The default {data-source} From c1bf4be44616357cc9a0995603b87668d51461a5 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 30 Jan 2024 09:53:35 -0800 Subject: [PATCH 2/4] incorporates feedback --- docs/getting-started/data-views-in-sec.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 4381eb4710..6437ddcc2d 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -28,6 +28,8 @@ image::images/dataview-filter-example.gif[video showing how to filter the active This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab. +NOTE: You cannot update the data view for the Alerts page. It always shows data from `.alerts-security.alerts-default`. + [discrete] [[default-data-view-security]] == The default {data-source} From f87a1d6a7c6fcfcc88aaf23fa8ea774643e168a4 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 30 Jan 2024 13:36:55 -0800 Subject: [PATCH 3/4] Update docs/getting-started/data-views-in-sec.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/getting-started/data-views-in-sec.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 6437ddcc2d..6dafccfdf4 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -20,7 +20,7 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the To learn how to permanently modify the default "Security Data View", refer to <>. -To learn how to permanently modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. +To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}]. You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns. From 964f6682208d7588b54ea1fcdfbc29c129c20bc5 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 30 Jan 2024 13:37:04 -0800 Subject: [PATCH 4/4] Update docs/getting-started/data-views-in-sec.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/getting-started/data-views-in-sec.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 6dafccfdf4..50d4248761 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc @@ -18,7 +18,7 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the [discrete] == Create or modify a {data-source} -To learn how to permanently modify the default "Security Data View", refer to <>. +To learn how to modify the default **Security Default Data View**, refer to <>. To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].