It seems like there might be a syntax or configuration issue with your combined filters in the ES rule. Double-check the filter logic and make sure it's correctly formatted to ensure the rule works as intended.
Thank you both so much for the detailed responses! I've taken some time to digest the proposed solution, and have got it implemented. I'm happy to report that I can now see data in that chart! I'm about to push some data through to see if the alerts fire up.
You guys are right, it looks like my issue was with the index pattern. Under Discover, I switched data view from APM to (rum-data-view),traces-apm,apm-,logs-apm,apm-,metrics-apm,apm-*. Confirmed that I can still see my data. I then used the same index patterns for Infrastructure > Settings > Metric Indices. Retested again and saw that the chart had populated!
I'll do a final report back when I see the alert fire up. One thing to note here though is that including APM (without space) didn't seem to work. I've always thought the index pattern I pasted and APM were the same enough (as they seem to be under Discover, but I guess they're really not).
Again, thank you so much. This is the most progress we've made on this in weeks.
Also that side note sounds great @simianhacker. I'm excited to see that.
Happy to report that I'm getting my alerts! Thank you so much.