Skip to content

Commit 46e3f4e

Browse files
Update solutions/observability/incident-management/create-metric-threshold-rule.md
1 parent a661f09 commit 46e3f4e

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

solutions/observability/incident-management/create-metric-threshold-rule.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,10 @@ When you select **Alert me if there’s no data**, the rule is triggered if the
4848
The **Filters** control the scope of the rule. If used, the rule will only evaluate metric data that matches the query in this field. In this example, the rule will only alert on metrics reported from a Cloud region called `us-east`.
4949

5050
::::{note}
51-
Filters that you've added to the rule using the [create rule API](https://www.elastic.co/docs/api/doc/kibana/operation/operation-post-alerting-rule-id) won't appear in the UI when you're editing a rule. If you want to modify these filters, you must manually re-add them by entering a KQL query in the rule's **Filter** field.
51+
If you've made a rule with the [create rule API](https://www.elastic.co/docs/api/doc/kibana/operation/operation-post-alerting-rule-id) and added Query DSL filters using the `filterQuery` parameter, the filters won't appear in the UI for editing a rule. As a workaround, manually re-add the filters through the UI and save the rule. As you're modifying the rule's filters from the UI, be mindful of the following:
52+
53+
- The **Filter** field only accepts KQL syntax, meaning you may need to manually convert your Query DSL filters to KQL.
54+
- After you save the rule, filters you've added to the **Filter** field are converted appropriately and specified in the rule's `filterQuery` parameter.
5255
::::
5356

5457
The **Group alerts by** creates an instance of the alert for every unique value of the `field` added. For example, you can create a rule per host or every mount point of each host. You can also add multiple fields. In this example, the rule will individually track the status of each `host.name` in your infrastructure. You will only receive an alert about `host-1`, if `host.name: host-1` passes the threshold, but `host-2` and `host-3` do not.

0 commit comments

Comments
 (0)