I am trying to add some filters to one of the created rules in kibana 8.6.
Before adding any filters, it is showing that there are 173 monitors as indicated below:
When I add one filter only, the outcome changes of course, which is perfect. The below screenshot indicates the filter outcome:
Now, I am trying to add more conditions in this filter to be more specific. So, I added a second condition as indicated below:
Could I know the reason behind this??
The UI is using monitor.name to compute those results, not the identifiers you you need to check your data sources.
I'd suggest to create a Data View from the monitor data stream or indices, and check with Lens or Discover to ensure that the issue is at the alerting form. Are you sure your query is correct and those queries outside of the form return the same cardinality?
In my case (version 8.8.0 of the stack) I created a Data View joining data from the different Synthetics data streams:
And with that I can use Lens to generate a simple metric to count the different monitor.name values on my streams for the last 3 hours
And the queries run as expected:
Conistent with the alerting UI:
and with the same filter
Hope it helps!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
