Skip to content

Commit fe039f3

Browse files
nastasha-solomonnastasha-solomon
committed
Data views and Elastic Security
1 parent 4a1c055 commit fe039f3

File tree

5 files changed

+5
-64
lines changed

5 files changed

+5
-64
lines changed

images/security-dataview-filter-example copy.gif

-1.18 MB
Binary file not shown.

images/serverless--getting-started-dataview-button-highlighted.png

-62.3 KB
Binary file not shown.

images/serverless--getting-started-dataview-filter-example.gif

-1.18 MB
Binary file not shown.

raw-migrated-files/docs-content/serverless/security-data-views-in-sec.md

Lines changed: 0 additions & 50 deletions
This file was deleted.

solutions/security/get-started/data-views-elastic-security.md

Lines changed: 5 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,18 +4,7 @@ mapped_urls:
44
- https://www.elastic.co/guide/en/serverless/current/security-data-views-in-sec.html
55
---
66

7-
# Data views and Elastic Security
8-
9-
% What needs to be done: Lift-and-shift
10-
11-
% Use migrated content from existing pages that map to this page:
12-
13-
% - [x] ./raw-migrated-files/security-docs/security/data-views-in-sec.md
14-
% - [ ] ./raw-migrated-files/docs-content/serverless/security-data-views-in-sec.md
15-
16-
% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
17-
18-
$$$default-data-view-security$$$
7+
# {{data-sources-ca[]}} and {{elastic-sec}} [security-data-views-in-sec]
198

209
{{data-sources-cap}} determine what data displays on {{elastic-sec}} pages with event or alert data. {{data-sources-cap}} are defined by the index patterns they include. Only data from {{es}} [indices](/manage-data/data-store/index-basics.md), [data streams](/manage-data/data-store/index-types/data-streams.md), or [index aliases](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html) specified in the active {{data-source}} will appear.
2110

@@ -25,7 +14,7 @@ Custom indices are not included in the [default {{data-source}}](/solutions/secu
2514

2615

2716

28-
## Switch to another {{data-source}} [_switch_to_another_data_source]
17+
## Switch to another {{data-source}} [security-data-views-in-sec-switch-to-another-data-source]
2918

3019
You can tell which {{data-source}} is active by clicking the **{{data-source-cap}}** menu at the upper right of {{elastic-sec}} pages that display event or alert data, such as Overview, Alerts, Timelines, or Hosts. To switch to another {{data-source}}, click **Choose {{data-source}}**, select one of the options, and click **Save**.
3120

@@ -34,7 +23,7 @@ You can tell which {{data-source}} is active by clicking the **{{data-source-cap
3423
:::
3524

3625

37-
## Create or modify a {{data-source}} [_create_or_modify_a_data_source]
26+
## Create or modify a {{data-source}} [security-data-views-in-sec-create-or-modify-a-data-source]
3827

3928
To learn how to modify the default **Security Default Data View**, refer to [Update default {{elastic-sec}} indices](/solutions/security/get-started/configure-advanced-settings.md#update-sec-indices).
4029

@@ -60,6 +49,8 @@ The default {{data-source}} is defined by the `securitySolution:defaultIndex` se
6049

6150
The first time a user visits {{elastic-sec}} within a given {{kib}} [space](/deploy-manage/manage-spaces.md), the default {{data-source}} generates in that space and becomes active.
6251

52+
% Needs annotation to show that it's only applicable to ESS
53+
6354
::::{note}
6455
Your {{kib}} space must have **Data View Management** [feature visibility](/deploy-manage/manage-spaces.md#spaces-control-feature-visibility) setting enabled for the default {{data-source}} to generate and become active in your space.
6556
::::

0 commit comments

Comments
 (0)