# Backport This will backport the following commits from `main` to `8.x`: - [[OpenAPI][ResponseOps] Edit descriptions for alerting rule API examples (#194080)](https://github.com/elastic/kibana/pull/194080) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Lisa Cawley","email":"lcawley@elastic.co"},"sourceCommit":{"committedDate":"2024-09-27T16:45:44Z","message":"[OpenAPI][ResponseOps] Edit descriptions for alerting rule API examples (#194080)","sha":"539ad61d377f8982f3358b1a753be45408c4998c","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Feature:Alerting","release_note:skip","v9.0.0","docs","v8.16.0","backport:version"],"title":"[OpenAPI][ResponseOps] Edit descriptions for alerting rule API examples","number":194080,"url":"https://github.com/elastic/kibana/pull/194080","mergeCommit":{"message":"[OpenAPI][ResponseOps] Edit descriptions for alerting rule API examples (#194080)","sha":"539ad61d377f8982f3358b1a753be45408c4998c"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194080","number":194080,"mergeCommit":{"message":"[OpenAPI][ResponseOps] Edit descriptions for alerting rule API examples (#194080)","sha":"539ad61d377f8982f3358b1a753be45408c4998c"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Lisa Cawley <lcawley@elastic.co>
38 lines
No EOL
1.1 KiB
YAML
summary: Elasticsearch query rule (DSL)
|
|
description: >
|
|
Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.
|
|
value:
|
|
actions:
|
|
- group: query matched
|
|
params:
|
|
level: info
|
|
message: "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
|
|
id: fdbece50-406c-11ee-850e-c71febc4ca7f
|
|
frequency:
|
|
throttle: "1d"
|
|
summary: true
|
|
notify_when: onThrottleInterval
|
|
- group: recovered
|
|
params:
|
|
level: info
|
|
message: Recovered
|
|
id: fdbece50-406c-11ee-850e-c71febc4ca7f
|
|
frequency:
|
|
summary: false
|
|
notify_when: onActionGroupChange
|
|
consumer: alerts
|
|
name: my Elasticsearch query rule
|
|
params:
|
|
esQuery: '"""{"query":{"match_all" : {}}}"""'
|
|
index:
|
|
- kibana_sample_data_logs
|
|
size: 100
|
|
threshold:
|
|
- 100
|
|
thresholdComparator: ">"
|
|
timeField: "@timestamp"
|
|
timeWindowSize: 1
|
|
timeWindowUnit: d
|
|
rule_type_id: .es-query
|
|
schedule:
|
|
interval: 1d |
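Review bot: The `description: >` folded scalar near the top of the example keeps a trailing newline in the emitted description text; `description: >-` strips it, which is what a single-sentence OpenAPI description normally wants. Quoting of duration values is also inconsistent within the same example: `throttle: "1d"` is quoted while `interval: 1d` is plain — both parse as the string `1d`, so one form should be used throughout. The `esQuery` value is wrapped in literal triple quotes (`'"""{"query":{"match_all" : {}}}"""'`); if the rule API expects the JSON string itself rather than console-style `"""` delimiters, that wrapper would be sent verbatim by anyone copying the example, so it is worth confirming against the sibling example files. Indentation is not recoverable from this rendering, so the nesting of `actions`, `params` and `schedule` under `value:` is assumed rather than verified.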