Hello!
I have a simple question that I can't seem to find the answer to. If I select 24 hours as the Kibana monitor schedule, when the extraction query for the alert is run, will it catch everything that met the condition within the last 24 hours and condense that into one alert or will it only alert if there's something that's meeting the alert condition at the time it's run? Basically, does it check over the last 24 hours (or however long the interval schedule is) or just that instant?
If I only want one alert every 24 hours regardless of how many times a condition is met, I'm trying to determine if it's better put the monitor on a 24 hour schedule or run more often (say every minute) and throttle actions to only trigger every 24 hours.
Any advice or insight is appreciated!