mirror of https://github.com/elastic/kibana.git (synced 2025-04-24 01:38:56 -04:00)
[docs] Alerting - index patterns => data views (#115613)
* [user docs - index patterns] index pattern => data view (#110421)
* index patterns => data views
* maps docs changes
* add alerting docs
* Apply suggestions from code review
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
* cleanup
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
This commit is contained in:
parent
bde802fed6
commit
145ce01ea7
3 changed files with 7 additions and 7 deletions
@ -17,7 +17,7 @@ Define properties to detect the condition.
[role="screenshot"]
image::user/alerting/images/rule-types-es-query-conditions.png[Five clauses define the condition to detect]
Index:: This clause requires an *index or index pattern* and a *time field* that will be used for the *time window*.
Index:: This clause requires an *index or data view* and a *time field* that will be used for the *time window*.
Size:: This clause specifies the number of documents to pass to the configured actions when the the threshold condition is met.
{es} query:: This clause specifies the ES DSL query to execute. The number of documents that match this query will be evaluated against the threshold
condition. Aggregations are not supported at this time.
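Review bot: the unchanged context line `Size:: This clause specifies the number of documents to pass to the configured actions when the the threshold condition is met.` has a doubled "the"; since this definition list is already being edited for the data view rename, fold that fix into the same change. The rename on the `Index::` line (`*index or index pattern*` to `*index or data view*`) is consistent with the other two files in this commit.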
@ -10,17 +10,17 @@ In the event that an entity is contained within a boundary, an alert may be gene
==== Requirements
To create a Tracking containment rule, the following requirements must be present:
- *Tracks index or index pattern*: An index containing a `geo_point` field, `date` field,
- *Tracks index or data view*: An index containing a `geo_point` field, `date` field,
and some form of entity identifier. An entity identifier is a `keyword` or `number`
field that consistently identifies the entity to be tracked. The data in this index should be dynamically
updating so that there are entity movements to alert upon.
- *Boundaries index or index pattern*: An index containing `geo_shape` data, such as boundary data and bounding box data.
- *Boundaries index or data view*: An index containing `geo_shape` data, such as boundary data and bounding box data.
This data is presumed to be static (not updating). Shape data matching the query is
harvested once when the rule is created and anytime after when the rule is re-enabled
after disablement.
By design, current interval entity locations (_current_ is determined by `date` in
the *Tracked index or index pattern*) are queried to determine if they are contained
the *Tracked index or data view*) are queried to determine if they are contained
within any monitored boundaries. Entity
data should be somewhat "real time", meaning the dates of new documents aren’t older
than the current time minus the amount of the interval. If data older than
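Review bot: the renamed requirement bullet reads `*Tracks index or data view*`, but the later reference in the same hunk reads `*Tracked index or data view*`; the rename is the right moment to use one term in both places so readers can match the prose back to the requirement. The rest of the hunk only swaps "index pattern" for "data view" on the `*Boundaries index or data view*` bullet, which is consistent with the other files.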
@ -39,13 +39,13 @@ as well as 2 Kuery bars used to provide additional filtering context for each of
[role="screenshot"]
image::user/alerting/images/alert-types-tracking-containment-conditions.png[Five clauses define the condition to detect]
Index (entity):: This clause requires an *index or index pattern*, a *time field* that will be used for the *time window*, and a *`geo_point` field* for tracking.
Index (entity):: This clause requires an *index or data view*, a *time field* that will be used for the *time window*, and a *`geo_point` field* for tracking.
When entity:: This clause specifies which crossing option to track. The values
*Entered*, *Exited*, and *Crossed* can be selected to indicate which crossing conditions
should trigger a rule. *Entered* alerts on entry into a boundary, *Exited* alerts on exit
from a boundary, and *Crossed* alerts on all boundary crossings whether they be entrances
or exits.
Index (Boundary):: This clause requires an *index or index pattern*, a *`geo_shape` field*
Index (Boundary):: This clause requires an *index or data view*, a *`geo_shape` field*
identifying boundaries, and an optional *Human-readable boundary name* for better alerting
messages.
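Review bot: the two clause labels edited here, `Index (entity)::` and `Index (Boundary)::`, capitalize the parenthesized word differently; since both lines are touched by the rename, align them (for example `Index (boundary)::`). Separately, the screenshot alt text `Five clauses define the condition to detect` appears to be copied from the other rule types, while this section documents three clauses, so a count-neutral alt text would avoid a mismatch with the image.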
@ -17,7 +17,7 @@ Define properties to detect the condition.
[role="screenshot"]
image::user/alerting/images/rule-types-index-threshold-conditions.png[Five clauses define the condition to detect]
Index:: This clause requires an *index or index pattern* and a *time field* that will be used for the *time window*.
Index:: This clause requires an *index or data view* and a *time field* that will be used for the *time window*.
When:: This clause specifies how the value to be compared to the threshold is calculated. The value is calculated by aggregating a numeric field a the *time window*. The aggregation options are: `count`, `average`, `sum`, `min`, and `max`. When using `count` the document count is used, and an aggregation field is not necessary.
Over/Grouped Over:: This clause lets you configure whether the aggregation is applied over all documents, or should be split into groups using a grouping field. If grouping is used, an <<alerting-concepts-alerts, alert>> will be created for each group when it exceeds the threshold. To limit the number of alerts on high cardinality fields, you must specify the number of groups to check against the threshold. Only the *top* groups are checked.
Threshold:: This clause defines a threshold value and a comparison operator (one of `is above`, `is above or equals`, `is below`, `is below or equals`, or `is between`). The result of the aggregation is compared to this threshold.
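Review bot: the unchanged `When::` context line has a typo, `aggregating a numeric field a the *time window*`, which should read `over the *time window*`; as this definition list is already being edited for the rename, fix it in the same change. The `Index::` rename itself matches the wording used in the es-query and tracking-containment files.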