I get an error when trying to create a detection rule

Ruslan1 · February 22, 2026, 12:07am

I have data sent by auditbeat version 8.15.5. They enter the datastream with the following settings:

{
  ".ds-logs-auditbeat-8.5.0-000001": {
    "settings": {
      "index": {
        "replication": {
          "type": "DOCUMENT"
        },
        "hidden": "true",
        "number_of_shards": "1",
        "provided_name": ".ds-logs-auditbeat-8.5.0-000001",
        "creation_date": "1771409911411",
        "number_of_replicas": "0",
        "uuid": "z8hoJ9fDRCqErxkJc9BKHA",
        "version": {
          "created": "137267827"
        }
      }
    }
  }
}

{
  "data_streams": [
    {
      "name": "logs-auditbeat-8.5.0",
      "timestamp_field": {
        "name": "@timestamp"
      },
      "indices": [
        {
          "index_name": ".ds-logs-auditbeat-8.5.0-000001",
          "index_uuid": "z8hoJ9fDRCqErxkJc9BKHA"
        }
      ],
      "generation": 1,
      "status": "GREEN",
      "template": "logs-auditbeat-8.5.0"
    }
  ]
}

Anthony · February 23, 2026, 10:10am

@Ruslan1 Can you provide more details please. What error are you getting? Do you only see it in UI or in opensearch logs too? Can you provide a copy of the error?

Topic		Replies	Views
Problem when creating a detection rule Security Analytics	3	19	February 19, 2026
Detector with Linux System Logs Type does not detect its rule Security Analytics configure , alerting , index-management	12	273	September 29, 2024
Security Analytics error when using Datastreams Security Analytics	7	989	September 29, 2024
Trouble with mappings, detectors, and alerts Security Analytics	22	1322	October 20, 2025
Create detectors on datastream Security Analytics	4	298	February 14, 2024

I get an error when trying to create a detection rule

Related topics