Hi I have a weird issue when use kquery in detection rules. I use a simple query to match a field and triggering action for that but the rule will not be triggered while its query is matching in the specified interval. I could see that the query is matching in the "preview result" pane but on the…

Detection rule kquery will not trigger but the query match

aditi_salunke (aditi salunke) May 29, 2021, 4:56pm 3

I am facing kinda same issue. Can you please help

Here is the link of issue:

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.