mlollo

Yes, same behavior with 1.41.0. I have this empty response for `GET /logs-example*/_search` : ``` {"took":1,"timed_out":false,"_shards":{"total":0,"successful":0,"skipped":0,"failed":0},"hits":{"total":{"value":0,"relation":"eq"},"max_score":0.0,"hits":[]}} ```

It works when I specify the exact name of the data stream : `GET /logs-example-202206/_search` And with the rule : ``` - name: '::B16a-myrule::' actions: - indices:data/read/* - cluster:monitor/main groups:...

Thank you for your response I tried to enable debug logs : ``` [1725833192-634080377#10908] Discovered indices: logs-example* checking request: 1725833192-634080377#10908 ``` Various attempt to match a block ``` Attempting Login...

For people that have tried this before docker version 19.03.4 here some tests. I think the docker team did some changes on the FORWARD chain on docker 19.03.4 (released in...