How to add client.ip to Alarm "stack by"?

VellayLoket · April 12, 2022, 1:40am

In the "Alerts" section, in the "Stack by" field, I see many fields other than the one I need (client.ip). How to add a field to this list?

spong · April 12, 2022, 1:12pm

What version are you on @VellayLoket? Looks like this was changed to a free field selection in 8.1, so from that version forward you can just type whichever field you want

Added in this PR: [Security Solution] Alerts visualization free field selection by kqualters-elastic · Pull Request #120610 · elastic/kibana · GitHub

https://user-images.githubusercontent.com/56408403/145041383-51adce61-fa24-4c50-b7cc-7f79f608f6df.gif(image larger than 4 MB)

Cheers!
Garrett

system · May 10, 2022, 1:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Alert Index Threshold and Log Threshold Host.ip Fields Kibana elastic-stack-alerting	5	330	April 13, 2023
Alert Message Data Kibana 8.3 Kibana elastic-stack-alerting	1	331	November 2, 2022
Kibana SIEM "External Alert" SIEM	4	1740	April 16, 2020
Elasticsearch query type alert in kibana alerts Kibana elastic-stack-alerting	6	609	June 24, 2021
Additional Fields Kibana	2	627	February 11, 2020

How to add client.ip to Alarm "stack by"?

Related topics