Two questions about Kibana alarms

fgjensen · June 3, 2022, 6:22am

Hi

Could you, please, help with two issues about Kibana alarms?

The tags I can add to a rule when creating a rule from the Rules and Connectors page seem to be integrated with the tags I can create from the Kibana Tags menu? The tags from Kibana tags can be attached to Kibana objects, so I expect tags created while editing a rule also was create in Kibana tags and visa versa.
How do I get access to terms in the documents returned to the rule by an Elasticsearch query, so I can write the values out in the message? I would like to write like this in the message Log level: {{context.log.level}} as an example assuming the query returns one document. It would also be useful to be able to iterate over the returned documents.

Best regards
Flemming

jsanz · June 29, 2022, 1:15pm

The rule tags are not related with the Kibana tags, as far as I know
Check the context.hits variable and all the rest of the variables available for that rule type. You have there an example on how to iterate over hits using the Mustache templating system

hope it helps

system · July 27, 2022, 1:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.