[alerting_exception] Invalid owner field when try to save Alerting Monitor

Versions
winlogbeat 7.12.1 oss
OpenSearch 2.18.0
Dashboard 2.18.0
Server OS - Windows server 2022
Browser - Mozilla Firefox

Describe the issue:

I want to use opensearch to collect windows event log , by using winlogbeat i can send logs to opensearch (it work), then use the alertig system with sigma rules for windows to analyze and send a message through webhook, i’m able to define all and send test message, but when try to save, receive the message on dashboard:

[alerting_exception] Invalid owner field

Configuration:
winlogbeat.yml

winlogbeat.event_logs:

  - name: ForwardedEvents

setup.template.name: "windowsserver2idx"
setup.template.pattern: "windowsserver2idx-*"
setup.template.overwrite: false

setup.template.settings:
  index.number_of_shards: 1
  
output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "windowsserver2idx-%{+yyyy.MM}"
  protocol: "https"
  ssl.certificate: esnode.pem
  ssl.key: esnode-key.pem
  ssl.certificate_authorities: [root-ca.pem]
  username: admin
  password: Password123!

logging.to_files: true
logging.files:
  path: C:\winlogbeat-7.12.1\logs
logging.level: debug

. opensearch.yml

compatibility.override_main_response_version: true
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: esnode.pem
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_unsafe_democertificates: true
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn: ['CN=admin,OU=client,O=client,L=test,C=de']
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: [all_access, security_rest_api_access]
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [.plugins-ml-agent, .plugins-ml-config, .plugins-ml-connector,
  .plugins-ml-controller, .plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task,
  .plugins-ml-conversation-meta, .plugins-ml-conversation-interactions, .plugins-ml-memory-meta,
  .plugins-ml-memory-message, .plugins-ml-stop-words, .opendistro-alerting-config,
  .opendistro-alerting-alert*, .opendistro-anomaly-results*, .opendistro-anomaly-detector*,
  .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state, .opendistro-reports-*,
  .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability, .ql-datasources,
  .opendistro-asynchronous-search-response*, .replication-metadata-store, .opensearch-knn-models,
  .geospatial-ip2geo-data*, .plugins-flow-framework-config, .plugins-flow-framework-templates,
  .plugins-flow-framework-state]
node.max_local_storage_nodes: 3
logger.org.opensearch: info

-opensearch_dashboard.yml

 opensearch.hosts: [https://localhost:9200]
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.multitenancy.enable_filter: false