Create detectors on datastream

Enyce · December 8, 2023, 10:02am

Anyone ever succed to create a detectors on a datastream ?

While putting the ‘.ds-winlogbeat-*’ index pattern, it triggers an error with:

[security_analytics_exception] null cannot be cast to non-null type kotlin.collections.MutableMap<kotlin.String, kotlin.Any>

adn77 · December 8, 2023, 9:23pm

I just use winlogbeat as the index name. The data stream name is basically an alias for a bunch of indices.

Enyce · December 9, 2023, 7:16pm

putting my datasteam alias index gives me:

[2023-12-09T19:31:53,582][ERROR][o.o.a.t.TransportIndexMonitorAction] [prd-siem-clusrer-node-1] failed to index doc level queries monitor w7sQUIwBTJLvaV9jlY-1. deleting monitor

Enyce · December 16, 2023, 6:39pm

Up

system · February 14, 2024, 6:40pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"null cannot be cast to non-null type" creating a detector Security Analytics troubleshoot	8	227	December 8, 2024
Best practices for daily-roated-indexes Security Analytics	3	39	April 27, 2025
Trouble with mappings, detectors, and alerts Security Analytics	14	290	April 15, 2025
Security Analytics error when using Datastreams Security Analytics	7	908	September 29, 2024
Exception creating detector Security Analytics	6	615	May 26, 2023

Create detectors on datastream

Related topics