Skip to content

[Request][Serverless][8.16] Document the new kibana.alert.rule.execution.type field being added for manual runs #5922

New issue
New issue
Closed
#5940
Closed
[Request][Serverless][8.16] Document the new kibana.alert.rule.execution.type field being added for manual runs#5922
#5940
Assignees
nastasha-solomon
Labels
Docset: ESSIssues that apply to docs in the Stack releaseDocset: ServerlessIssues for Serverless SecurityEffort: SmallIssues that can be resolved quicklyFeature: RulesPriority: HighIssues that are time-sensitive and/or are of high customer importanceTeam: Detection Enginev8.16.0
@nastasha-solomon

Description

@nastasha-solomon
nastasha-solomon
opened on Oct 14, 2024

Description

The kibana.alert.rule.execution.type field conveys whether an alert was created by a manual run or a scheduled run. With the introduction of this field, the kibana.alert.intended_timestamp field will now show the same value as the same as @timestamp field.

Misc. notes:

  • The field can have two values: manual or scheduled
  • The field type is...
  • Will need to doc field in the alert schema table for Serverless and ESS. See Slack for how the kibana.alert.intended_timestamp field description should be updated.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.16

Serverless release

Tuesday, October 22, 2024

Feature differences

N/A

API docs impact

TBD

Prerequisites, privileges, feature flags

N/A

Metadata

Metadata

Assignees

Labels

Docset: ESSIssues that apply to docs in the Stack releaseDocset: ServerlessIssues for Serverless SecurityEffort: SmallIssues that can be resolved quicklyFeature: RulesPriority: HighIssues that are time-sensitive and/or are of high customer importanceTeam: Detection Enginev8.16.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions