Two questions about Kibana alarms

fgjensen · June 3, 2022, 6:22am

Hi

Could you, please, help with two issues about Kibana alarms?

The tags I can add to a rule when creating a rule from the Rules and Connectors page seem to be integrated with the tags I can create from the Kibana Tags menu? The tags from Kibana tags can be attached to Kibana objects, so I expect tags created while editing a rule also was create in Kibana tags and visa versa.
How do I get access to terms in the documents returned to the rule by an Elasticsearch query, so I can write the values out in the message? I would like to write like this in the message Log level: {{context.log.level}} as an example assuming the query returns one document. It would also be useful to be able to iterate over the returned documents.

Best regards
Flemming

jsanz · June 29, 2022, 1:15pm

The rule tags are not related with the Kibana tags, as far as I know
Check the context.hits variable and all the rest of the variables available for that rule type. You have there an example on how to iterate over hits using the Mustache templating system

hope it helps

system · July 27, 2022, 1:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to Show the Value of tags When Using Server Log Connector Elastic Observability elastic-stack-alerting	6	476	January 19, 2023
How do I query for a tag in Kibana? Kibana	12	14171	March 9, 2018
Kibana alert Kibana elastic-stack-alerting	1	246	December 22, 2022
Kibana Rules Authentication when Creator leaves Project Kibana elastic-stack-alerting	5	185	November 24, 2022
Data tagging options in Kibana Kibana	3	690	May 14, 2018