Wazuh plugin not able to recognize a manually created index pattern #2958

Closed
LegitMigue opened this issue Feb 11, 2021 · 3 comments · Fixed by #2979
Labels: request/operational (Operational requests), type/bug (Bug issue)

Comments

LegitMigue commented Feb 11, 2021

| Wazuh | Elastic | Rev |
|-------|---------|-----|
| 4.0.4 | 7.9.3 | Wazuh APP 4016 |

Description
Hello team. We are facing an issue after upgrading from Wazuh ELK 3.12.1- to 4.0.4-7.9.3. wazuh-alerts-* index pattern fields quantity is not accurate. It shows 390 fields and there should be more than 800 fields. If we refresh the index pattern it will get the correct number but after a few moments, it will revert back to 390.
We do not use any custom template nor any custom setting except for the number of shards and replicas.
Multiple instances of Filebeats are running from different clusters of Wazuh managers. All of them use the same template and wazuh module.

Attached Wazuh Template:
wazuh-template.zip

Steps to reproduce

  1. Upgrade to 4.0.4-7.9.3
  2. Go to Kibana -> Index patterns -> wazuh-alerts-*


@LegitMigue LegitMigue added the type/bug Bug issue label Feb 11, 2021
@MiguelCasaresRobles MiguelCasaresRobles added the request/operational Operational requests label Feb 11, 2021
@LegitMigue (Author)

The cause of the issue has been identified. It occurs when the wazuh-alerts-* index pattern is created manually. This creates the index pattern using a random ID provided by Kibana. This makes the Wazuh APP unable to find the index pattern, as it will use the index pattern ID to search for the name of the index pattern.

For a workaround: create the wazuh-alerts-* index pattern, setting its custom ID to the same value as its name (wazuh-alerts-*).
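
A check for the condition described in the comment above, added here as an example and not taken from the Wazuh plugin: it scans the response of Kibana's saved objects find API (`GET /api/saved_objects/_find?type=index-pattern`) for index patterns whose ID differs from their title. The sample response, the `auditIndexPatterns` name and the `titlePrefix` filter are assumptions made for the illustration.

```javascript
// Added example (not Wazuh code). Audits Kibana index-pattern saved objects for the
// condition in this issue: a saved-object ID that differs from the pattern title.
// Input shape: response body of GET /api/saved_objects/_find?type=index-pattern.

// Constructed sample response; the UUID-style ID is made up.
const sampleFindResponse = {
  total: 3,
  saved_objects: [
    { type: 'index-pattern', id: 'wazuh-monitoring-*', attributes: { title: 'wazuh-monitoring-*' } },
    { type: 'index-pattern', id: '00000000-aaaa-bbbb-cccc-000000000001', attributes: { title: 'wazuh-alerts-*' } },
    { type: 'index-pattern', id: 'filebeat-*', attributes: { title: 'filebeat-*' } },
  ],
};

// titlePrefix is a hypothetical filter so unrelated patterns are not reported.
function auditIndexPatterns(findResponse, titlePrefix = 'wazuh-') {
  const objects = Array.isArray(findResponse?.saved_objects) ? findResponse.saved_objects : [];
  const idsByTitle = new Map();
  for (const obj of objects) {
    const title = obj?.attributes?.title;
    if (obj?.type !== 'index-pattern' || typeof title !== 'string') continue;
    if (!title.startsWith(titlePrefix)) continue;
    if (!idsByTitle.has(title)) idsByTitle.set(title, []);
    idsByTitle.get(title).push(String(obj.id));
  }
  const findings = [];
  for (const [title, ids] of idsByTitle) {
    const mismatched = ids.filter((id) => id !== title);
    if (mismatched.length === 0 && ids.length === 1) continue; // healthy: single object, ID == title
    findings.push({
      title,
      mismatchedIds: mismatched,          // IDs that do not equal the pattern title
      hasMatchingId: ids.includes(title), // true if a copy with ID == title also exists
      duplicate: ids.length > 1,          // several saved objects share one title
    });
  }
  return findings;
}

console.log(JSON.stringify(auditIndexPatterns(sampleFindResponse), null, 2));
```
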

@MiguelCasaresRobles MiguelCasaresRobles changed the title Incorrect number of fields in Wazuh-alerts-* index pattern Wazuh plugin not able to recognize a manually created index pattern Feb 12, 2021
@frankeros frankeros added this to the Sprint 124 - WUI milestone Feb 12, 2021
@frankeros (Contributor)

We can't prevent this action when a user creates an index pattern manually, but we could notify the user that the selected index pattern has a random ID and that some actions could experience issues, so that the user is aware of the problem.

@CPAlejandro CPAlejandro self-assigned this Feb 15, 2021
@Desvelao Desvelao self-assigned this Feb 15, 2021
Desvelao (Member) commented Feb 16, 2021

Errors found

Branch: fix/2958-problems-index-pattern-different-id

  • Security events table (Discover component) is not working
  • Agents preview AngularJS controller (pattern variable). Agents evolution visualization
  • GenericRequest service (pattern header)
  • Visualizations in Management > Cluster
  • Visualizations in Management > Statistics
