Index Threshold Alert Filter #129596
Labels
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
stratoula
added
the
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
|
Hi @andystroz, thank you for your enhancement request. We've been tracking the filtering feature under #66046. I've copied your use case into it, so we do not forget. So I will close this issue in favour of #66046. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
The alert rule 'Index Threshold' should have a box like the 'Elastic Search Query' that lets you specify a query that scopes the aggregation being done.
Describe a specific use case for the feature:
I have an index with logs from multiple deployments being dumped in it that all have the field "deployment". I would like to specify different rules for certain deployments while using the 'Index Threshold' alerting rule. There is currently no way to filter your results before Grouping.
The text was updated successfully, but these errors were encountered: