elasticmachine
commented
4 months ago Pinging @elastic/response-ops (Team:ResponseOps)
Open benakansara opened 4 months ago
elasticmachine
commented
4 months ago Pinging @elastic/response-ops (Team:ResponseOps)
mikecote
commented
4 months ago cc @shanisagiv1
jasonrhodes
commented
4 months ago @kobelb I think this is the ticket we spoke about, if you want to take a look and see about prioritizing?
There have been a few requests where users would like to know the exact query ran or time range used that triggered the alert. In one of the recent SDH, customer needed to validate the documents that generated alert, but currently it's not possible to know exact documents that were used to generate alerts because time range or query is not available easily. To access the query, user needs to enable logging on kibana server. An ER has been created to provide exact timerange for each rule execution.
In this ticket, we would like to log the queries of each rule execution as part of the event log / rule execution history. Having whole query will cover the time range and provide additional information to investigate the issue.