diff --git a/x-pack/test/api_integration/apis/security_solution/events.ts b/x-pack/test/api_integration/apis/security_solution/events.ts
index 283f173054601..50ba0069ed958 100644
--- a/x-pack/test/api_integration/apis/security_solution/events.ts
+++ b/x-pack/test/api_integration/apis/security_solution/events.ts
@@ -470,41 +470,53 @@ export default function ({ getService }: FtrProviderContext) {
       });
     });
 
-    it.skip('Make sure that we get Timeline data using the hunter role and do not receive observability alerts', async () => {
+    it.only('Make sure that we get Timeline data using the hunter role and do not receive observability alerts', async () => {
       await retry.try(async () => {
+        const requestBody = {
+          defaultIndex: ['.alerts*'], // query both .alerts-observability-apm and .alerts-security-solution
+          docValueFields: [{ field: '*' }],
+          factoryQueryType: TimelineEventsQueries.all,
+          fieldRequested: FIELD_REQUESTED,
+          fields: [],
+          filterQuery: {
+            bool: {
+              filter: [
+                {
+                  match_all: {},
+                },
+              ],
+            },
+          },
+          pagination: {
+            activePage: 0,
+            querySize: 25,
+          },
+          language: 'kuery',
+          sort: [
+            {
+              field: '@timestamp',
+              direction: Direction.desc,
+              type: 'number',
+            },
+          ],
+          timerange: {
+            from: FROM,
+            to: TO,
+            interval: '12h',
+          },
+        };
+        console.error('REQUEST BODY', JSON.stringify(requestBody, null, 2));
         const resp = await supertestWithoutAuth
           .post('/internal/search/securitySolutionTimelineSearchStrategy/')
           .auth(secOnly.username, secOnly.password)
           .set('kbn-xsrf', 'true')
           .set('Content-Type', 'application/json')
-          .send({
-            defaultIndex: ['.alerts*'], // query both .alerts-observability-apm and .alerts-security-solution
-            docValueFields: DOC_VALUE_FIELDS,
-            factoryQueryType: TimelineEventsQueries.all,
-            fieldRequested: FIELD_REQUESTED,
-            fields: [],
-            filterQuery: FILTER_VALUE,
-            pagination: {
-              activePage: 0,
-              querySize: 25,
-            },
-            language: 'kuery',
-            sort: [
-              {
-                field: '@timestamp',
-                direction: Direction.desc,
-                type: 'number',
-              },
-            ],
-            timerange: {
-              from: FROM,
-              to: TO,
-              interval: '12h',
-            },
-          })
-          .expect(200);
+          .send(requestBody);
+        // .expect(200);
+        console.error('WHAT IS THE RESP', JSON.stringify(resp, null, 2));
 
         const timeline = resp.body;
+        console.error('TIMELINE', JSON.stringify(timeline, null, 2));
 
         expect(timeline.totalCount).to.be(1);
       });