When an alert is triggered in Elastic, is there a way to directly use the alert ID to query all events or logs associated with that specific alert?
I know it’s possible to query using the rule conditions, but this approach might lead to inaccurate results by including unrelated data.
I’m looking for an API or other method to directly retrieve events or logs tied to the specific alert after it’s triggered, without relying solely on rule-based conditions.
Any guidance or suggestions would be greatly appreciated!