Hi I have a weird issue when use kquery in detection rules. I use a simple query to match a field and triggering action for that but the rule will not be triggered while its query is matching in the specified interval. I could see that the query is matching in the "preview result" pane but on the…

Detection rule kquery will not trigger but the query match

aditi_salunke (aditi salunke) May 29, 2021, 4:56pm 3

I am facing kinda same issue. Can you please help

Here is the link of issue:

Topic		Replies	Views
EQL rules do not work but see hits SIEM kql-kibana-query-language , eql-elastic-query-language	3	642	March 14, 2022
Rule hits visible in preview, but no alerts triggered Elastic Security	5	1297	November 27, 2021
Rules not triggering alerts Elastic Security detection-rules	6	3194	October 19, 2021
Problem with Detections - Custom query rule SIEM	10	678	September 8, 2022
Create Alert from index data Kibana elastic-stack-alerting	5	1567	August 16, 2022

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Detection rule kquery will not trigger but the query match

Related topics