Create a rule / alert using dashboard formula

Samuele_Lolli · February 23, 2024, 8:25am

Hi, i need to create an alert using the rule page but im not able to replicate the formula that im using on the dashboard.
Someone can help me?

unique_count(event.metadata.correlationId, kql='
event.metadata.tracePoint : "END"  
and ((event.logMessage : MESSAGE*) or (event.logMessage : "MESSAGE"))') / unique_count(event.metadata.correlationId,
kql='event.metadata.tracePoint : "START"  
and event.logMessage : MESSAGE*')

Thanks in advance

system · March 22, 2024, 8:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Threshold rule : how to? Elastic Security	3	2204	February 28, 2022
Kibana, unique or distinct count alerting Kibana elastic-stack-alerting	6	1630	March 20, 2021
Creating alert for custom dashboard Kibana elastic-stack-alerting	3	1142	January 19, 2021
[ threat intelligence ]: Display the number of alerts generated by a specific rule Kibana canvas	2	328	February 5, 2021
Rules don't create alert when value 0 or index not exist Kibana elastic-stack-alerting	4	536	February 10, 2022

Create a rule / alert using dashboard formula

Related topics