CPS: Document space-level CPS scope for alerting rules #5427
Merged
nastasha-solomon merged 19 commits into cps-tech-preview from Mar 23, 2026
Add a section explaining that alerting rules use the space-level CPS scope (not a per-rule setting), and that the project picker is read-only on rule pages.

Closes #688
Made-with: Cursor
✅ Vale Linting Results
No issues found on modified lines!
The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.
Add a new section explaining that when CPS is active, the data view creation form automatically lists indices from linked projects based on the current CPS scope, with no opt-in required.

Closes #687
Made-with: Cursor
…lified expressions
- Index listing from linked projects only works from CPS-enabled apps (Discover, Dashboards, Lens, Maps), not from Stack Management
- Add note about Stack Management limitation
- Incorporate qualified expressions content (from MW's config PR)
- Add link to search expressions reference
Made-with: Cursor
- Clarify scope selector is read-only when opening a rule (not on list page)
- Narrow project routing claim to ES|QL rules only (verified against codebase)
- Replace placeholder comment with real link on Observability rules page
- Add scope selector and space config link to Security detection rules page
- Fix trailing whitespace in anomaly detection note
Made-with: Cursor
@florent-leborgne just an FYI that I'm trying to verify whether it's just ES|QL rules that support CPS, or all rule types across Stack, Observability, and Security.
yctercero reviewed Mar 17, 2026
solutions/security/detect-and-alert/cross-project-search-detection-rules.md
nastasha-solomon approved these changes Mar 17, 2026
charlotte-hoblik approved these changes Mar 18, 2026
Will address requested changes in a separate PR.
Summary
Adds a new "Cross-project search scope for rules" section to the alerting rules page (create-manage-rules.md), explaining that:

This reflects the actual implementation, which differs from the original issue description (no per-rule CPS scope selector).
Closes elastic/docs-content-internal#688
Test plan
- explore-analyze/alerting/alerts/create-manage-rules
- applies_to tags render properly (serverless preview / stack unavailable)
Generative AI disclosure
Tool(s) and model(s) used: Claude (Cursor)
Made with Cursor