From c6d9e29c0e58515b8e3e566a4cae8349a87b1ce4 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Wed, 31 Jan 2024 12:59:04 -0500
Subject: [PATCH 1/3] Documents how to change the default security index
 (#4695)

* First draft

* incorporates feedback

* Update docs/getting-started/data-views-in-sec.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Update docs/getting-started/data-views-in-sec.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>

---------

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
(cherry picked from commit 225f3c8d8733403093095daeda9cdcc66d54db08)

# Conflicts:
#	docs/getting-started/data-views-in-sec.asciidoc
---
 docs/getting-started/data-views-in-sec.asciidoc | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc
index 56092e58ab..eb0dae533e 100644
--- a/docs/getting-started/data-views-in-sec.asciidoc
+++ b/docs/getting-started/data-views-in-sec.asciidoc
@@ -18,14 +18,21 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the
 [discrete]
 == Create or modify a {data-source}
 
+<<<<<<< HEAD
 You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced settings*, then adding or removing index patterns.
+=======
+To learn how to modify the default **Security Default Data View**, refer to <<update-sec-indices, Update default {elastic-sec} indices>>.
+
+To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].
+
+You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns.
+>>>>>>> 225f3c8d (Documents how to change the default security index (#4695))
 
 image::images/dataview-filter-example.gif[video showing how to filter the active data view]
 
 This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab.
 
-To permanently modify a {data-source}, delete an existing {data-source} or create a new one, you need the required permissions.
-To learn more, refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].
+NOTE: You cannot update the data view for the Alerts page. It always shows data from `.alerts-security.alerts-default`.
 
 [discrete]
 [[default-data-view-security]]

From b4a571ae7790d8991269e38cea022d7d86a7367a Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Wed, 31 Jan 2024 12:42:01 -0800
Subject: [PATCH 2/3] Update docs/getting-started/data-views-in-sec.asciidoc

---
 docs/getting-started/data-views-in-sec.asciidoc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc
index eb0dae533e..b12975223e 100644
--- a/docs/getting-started/data-views-in-sec.asciidoc
+++ b/docs/getting-started/data-views-in-sec.asciidoc
@@ -18,9 +18,6 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the
 [discrete]
 == Create or modify a {data-source}
 
-<<<<<<< HEAD
-You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced settings*, then adding or removing index patterns.
-=======
 To learn how to modify the default **Security Default Data View**, refer to <<update-sec-indices, Update default {elastic-sec} indices>>.
 
 To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].

From d0757d1f0edf81b6d88f2c2d07e13852df2262de Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Wed, 31 Jan 2024 12:42:12 -0800
Subject: [PATCH 3/3] Update docs/getting-started/data-views-in-sec.asciidoc

---
 docs/getting-started/data-views-in-sec.asciidoc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc
index b12975223e..50d4248761 100644
--- a/docs/getting-started/data-views-in-sec.asciidoc
+++ b/docs/getting-started/data-views-in-sec.asciidoc
@@ -23,7 +23,6 @@ To learn how to modify the default **Security Default Data View**, refer to <<up
 To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].
 
 You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns.
->>>>>>> 225f3c8d (Documents how to change the default security index (#4695))
 
 image::images/dataview-filter-example.gif[video showing how to filter the active data view]