elastic · nastasha-solomon · Aug 17, 2022 · Aug 3, 2022 · Aug 4, 2022 · Aug 12, 2022
@@ -266,9 +266,13 @@ NOTE: To preview rules, you need the `read` privilege to the `.preview.alerts-se
 To preview a rule:
 
 . Write the rule query.
+. Choose how you want to preview the query results:
+
+** *Quick query preview*: Select from pre-defined time frames -- *Last hour*, *Last day*, or *Last month* -- when previewing rule results. Note that threshold and event correlation rules have limited time frame options. The rule interval and look-back time are also pre-defined for the preview and differ by rule type. These settings cannot be modified.
+** *Advanced query preview*: Choose a custom time frame for the rule preview, schedule how often the rule should run, and specify a look-back time.
 +
-. Select a timeframe of data to preview query results -- *Last hour*, *Last day*, or *Last month* -- from the *Quick query preview* drop-down.
-+
+TIP: Avoid setting long time frames with short rule intervals. This might cause the rule preview to timeout.
+
 . Click *Preview results*. The rule preview shows a histogram and alerts table with the alerts you can expect, based on the defined rule parameters and historical events in your indices. You can view the details of a particular alert by clicking the *View details* button in the alerts table.
 +
 NOTE: The preview excludes the effects of rule exceptions and timestamp overrides. In the preview histogram, alerts are stacked by `event.category` (or `host.name` for machine learning rules), and events with multiple values are counted more than once.