I am trying to alert against a large set of indices covered by the Indicator Index Pattern. These indices go back 3 years, so there is a lot of data. When activated, the alerting rule requires a lot of system resources and so is not practical to use.
Is there a guide to optimizing alerting?
Can the processing be spread across nodes or does it just occur on a Kibana instance?
Are there any tweaks that can help with querying against a large set of indicators?