[Security Solution] Show warning if rule contains any index patterns that match no indices #180865
Labels
enhancement
New value added to drive a business result
Team:Detection Engine
Security Solution Detection Engine Area
Currently, if the rule has an index pattern with only non-existing indices - we show the warning:
existing index and a non-existing index
all privileges
limited privileges
this warning is a bit misleading, and will be fixed in this PR
Proposal
But probably makes sense to show some sort of warning if the index pattern contains a non-existing index, as it can lead to confusion by the user.
if there was a typo in the index pattern, and the rule runs successfully but does not query some indices in the index pattern it can not generate results excepted from the rule, and it's hard to catch because there is no indication of that.
The text was updated successfully, but these errors were encountered: