[8.x] [Serverless][8.16] Logs request during preview rule execution (backport #5871) (#5938)

mergify[bot] · nastasha-solomon · github-actions[bot] · web-flow · commit 9297e1028ad6 · 2024-10-17T10:17:45.000-04:00
* [Serverless][8.16] Logs request during preview rule execution (#5871) * First draft * Serverless first draft * Update docs/detections/rules-ui-create.asciidoc * Fixing typos * Update docs/detections/rules-ui-create.asciidoc * Update docs/detections/rules-ui-create.asciidoc * Vitalii's input * Updated anchor text * Updated title * Minor changes * Removed extra the * Fix conflict * Update docs/detections/rules-ui-create.asciidoc Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com> * Update docs/detections/rules-ui-create.asciidoc * Vitalii's feedback round 2 * var fixes * Active voice * Update docs/detections/rules-ui-create.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/serverless/rules/rules-ui-create.mdx Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/detections/rules-ui-create.asciidoc * Update docs/serverless/rules/rules-ui-create.mdx * Update docs/serverless/rules/rules-ui-create.mdx * Update slug * slugslugslug --------- Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com> Co-authored-by: Joe Peeples <joe.peeples@elastic.co> (cherry picked from commit 61b4a66) # Conflicts: # docs/serverless/rules/rules-ui-create.mdx * Delete docs/serverless directory and its contents --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
diff --git a/docs/detections/rules-ui-create.asciidoc b/docs/detections/rules-ui-create.asciidoc
@@ -820,3 +820,21 @@ TIP: Avoid setting long time ranges with short rule intervals, or the rule previ
 
 * To close the preview, click the *Rule preview* button again.
 
+[discrete]
+[[view-rule-es-queries]]
+==== View your rule's {es} queries (optional)
+
+NOTE: This option is only offered for {esql} and event correlation rules.
+
+When previewing a rule, you can also learn about its {es} queries, which are submitted when the rule runs. This information can help you identify and troubleshoot potential rule issues. You can also use it to confirm that your rule is retrieving the expected data.   
+
+To learn more about your rule's {es} queries, preview its results and do the following:
+
+. Select the **Show {es} requests, ran during rule executions** option below the preview's date and time picker. The **Preview logged results** section displays under the histogram and alerts table. 
+. Click the **Preview logged results** section to expand it. Within the section, each rule execution is shown on an individual row. 
+. Expand each row to learn more about the {es} queries that the rule submits each time it executes. The following details are provided:
+** When the rule execution started, and how long it took to complete
+** A brief explanation of what the {es} queries do
+** The actual {es} queries that the rule submits to indices containing events that are used during the rule execution  
++
+TIP: Run the queries in {kibana-ref}/console-kibana.html[Console] to determine if your rule is retrieving the expected data. For example, to test your rule’s exceptions, run the rule’s {es} queries, which will also contain exceptions added to the rule. If your rule’s exceptions are working as intended, the query will not return events that should be ignored.
