I want to set up an alert in Kibana Observability where if the number of records returned for event.dataset: login and event.outcome: failure is greater than 10 for the past minute, then set the alert rule to active.
I'm not sure which rule type I'm supposed to use for that. I read that there is an Index Threshold rule type: Index threshold | Kibana Guide [8.5] | Elastic. But I don't see it available in my Kibana version 8.5, see this screenshot.
Alerts which are available in the Observability UI are only a subset of all available alerts in Kibana. To see the whole list, please navigate to the Stack Management > Rules page.
There is also "Elasticsearch query" type that might fit your use case. You can choose from 2 configuration options: via DSL query or via KQL/Lucene and UI controls:
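The "Elasticsearch query" rule from the answer above, written out as the body for Kibana's create-rule API (POST /api/alerting/rule) with the DSL query for failed logins. This is an added example, not code from the thread or from Elastic; the `logs-*` index pattern, the Kibana URL and the `alerts` consumer are assumptions to adjust for your deployment.

```python
import json
import urllib.request

# Assumed values (not from the thread): index pattern holding the login events
# and the Kibana base URL. Adjust for your deployment.
LOGIN_INDEX = "logs-*"
KIBANA_URL = "http://localhost:5601"

def failed_login_query() -> dict:
    """Query DSL for the rule's 'esQuery' param. The rule type adds the
    time-window range on 'timeField' itself, so only the event filter is needed."""
    return {"query": {"bool": {"filter": [
        {"term": {"event.dataset": "login"}},
        {"term": {"event.outcome": "failure"}},
    ]}}}

def build_failed_login_rule(threshold: int = 10, window_minutes: int = 1) -> dict:
    """Body for POST /api/alerting/rule: an Elasticsearch query rule ('.es-query')
    that becomes active when more than `threshold` matching documents exist in
    the last `window_minutes` minutes."""
    return {
        "name": f"More than {threshold} failed logins in {window_minutes}m",
        "rule_type_id": ".es-query",
        "consumer": "alerts",                            # assumed owning app
        "schedule": {"interval": f"{window_minutes}m"},  # evaluate once per window
        "notify_when": "onActiveAlert",
        "params": {
            "searchType": "esQuery",
            "index": [LOGIN_INDEX],
            "timeField": "@timestamp",
            "esQuery": json.dumps(failed_login_query()),  # must be a JSON string
            "size": 10,                 # sample hits attached to the alert context
            "threshold": [threshold],
            "thresholdComparator": ">",
            "timeWindowSize": window_minutes,
            "timeWindowUnit": "m",
        },
        "actions": [],                  # attach a connector here to be notified
    }

def create_rule(api_key: str, rule: dict) -> dict:
    """Submit the rule; Kibana requires the kbn-xsrf header on write requests."""
    req = urllib.request.Request(
        f"{KIBANA_URL}/api/alerting/rule", data=json.dumps(rule).encode(), method="POST",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": f"ApiKey {api_key}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Once created, the rule shows up under Stack Management > Rules alongside the Observability ones, and the threshold and window can be tuned there without recreating it.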