Skip to content

[Website]: Contradictory statement "The Alerts page always shows data from .alerts-security.alerts-default" #4456

New issue
New issue
Open
Open
[Website]: Contradictory statement "The Alerts page always shows data from .alerts-security.alerts-default"#4456
Labels
Team:ExperienceIssues owned by the Experience Docs Teamsource:webIssues originating from the elastic.co docs
@stuartMoorhouse

Description

@stuartMoorhouse
stuartMoorhouse
opened on Dec 25, 2025

Type of issue

Inaccurate

What documentation page is affected

https://www.elastic.co/docs/solutions/security/get-started/data-views-elastic-security

What happened?

This page states that "The Alerts page always shows data from .alerts-security.alerts-default".

However, elsewhere in the documentation it is stated that the Alerts page shows data from .alerts-security.alerts-<current-space>, which will only be .alerts-security.alerts-default if the user is in the Default Space.

Statements contradicting that the Alerts page will always show data from .alerts-security.alerts-default can be found in these other pages:

  • "By default, alerts created by detection rules are stored in Elasticsearch indices under the .alerts-security.alerts-<space-name> index pattern" Spaces and Elastic Security
  • "Elastic Security stores alerts that have been generated by detection rules in hidden Elasticsearch indices. The index pattern is .alerts-security.alerts-<space-id->" Alert schema
  • "We recommend querying the .alerts-security.alerts-<space-id> index alias" Query alert indices

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Team:ExperienceIssues owned by the Experience Docs Teamsource:webIssues originating from the elastic.co docs

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions