Kibana rules/alerts "If alert matches a query" not working for custom fields

arislawrence · September 21, 2023, 11:54pm

Elasticsearch, Kibana, Logstash and Beats using version 8.9.1 or 8.10.1

When creating Kibana rules for Log threshold or Metric threshold, the "If alert matches a query" defined is a custom fields, it will not process the action - Webhook but will still trigger the alert.

Adding the filter in the "Condition" and removing it from the "If alert matches a query" will work.

How can i achieve this inside the Actions instead of creating multiple Rules? Thanks

system · October 19, 2023, 11:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alerting Issue - Can't Save Rule after turning off Match Query Kibana elastic-stack-alerting	0	11	August 13, 2024
Exact match on log message field Kibana elastic-stack-alerting	6	2716	February 22, 2022
Kibana Elastic Search Alerting not firing Kibana elastic-stack-alerting	2	489	July 27, 2021
Need help with creating Kibana Alert Elasticsearch elastic-stack-alerting , elastic-stack-sql	9	1532	May 17, 2021
Problem with Detections - Custom query rule SIEM	10	678	September 8, 2022

Kibana rules/alerts "If alert matches a query" not working for custom fields

Related topics