[Response Ops][Alerting] Strip unnecessary fields when updating alert mappings #211630
Description
In the upgrade to the 9.0 ES client, the deprecated body field has been removed and we encountered this issue that occurs during index mapping updates to the alert indices during startup that occurs because we simulate the update and then take the output of the simulate and use it in the subsequent PUT mapping call. For datastreams, the simulate output returns a data_stream_timestamp field that is unrecognized in the PUT mapping call. While this is a bug in the ES client, perhaps we should also be stricter about which field from the simulate output we're passing through to avoid similar issues in the future.