Hi,
sorry, I'm talking about custom metrics here, which are exposed via the /metrics endpoint and scraped by Prometheus before they are pushed to Elastic using the Prometheus integration (remote-write feature), see Prometheus | Documentation.
For alert rules, the best we managed to come up with is to aggregate the data using a DSL query, which seems to give us correct values when aggregated into buckets using the 'date_histogram' aggregation. But we didn't find a way to utilize these values in an alert rule.
The problem that we're trying to solve here is calculating the increase value of time-series counter metrics that we get from Prometheus and then fire an alert when this increase in counter value exceeds a certain numeric threshold.