elastic · nastasha-solomon · Oct 30, 2025 · Oct 28, 2025 · Oct 28, 2025 · Oct 29, 2025
@@ -47,6 +47,10 @@ When you select **Alert me if there’s no data**, the rule is triggered if the
 
 The **Filters** control the scope of the rule. If used, the rule will only evaluate metric data that matches the query in this field. In this example, the rule will only alert on metrics reported from a Cloud region called `us-east`.
 
+::::{note}
+Filters that you've added to the rule using the [create rule API](https://www.elastic.co/docs/api/doc/kibana/operation/operation-post-alerting-rule-id) won't appear in the UI when you're editing a rule. If you want to modify these filters, you must manually re-add them by entering a KQL query in the rule's **Filter** field.
+::::
+
 The **Group alerts by** creates an instance of the alert for every unique value of the `field` added. For example, you can create a rule per host or every mount point of each host. You can also add multiple fields. In this example, the rule will individually track the status of each `host.name` in your infrastructure. You will only receive an alert about `host-1`, if `host.name: host-1` passes the threshold, but `host-2` and `host-3` do not.
 
 When you select **Alert me if a group stops reporting data**, the rule is triggered if a group that previously reported metrics does not report them again over the expected time period.