Create Kibana alerting v2 rules in Discover

Create Kibana alerting v2 rules directly from Discover. When you build an ES|QL query in Discover that surfaces interesting patterns, you can convert it into a rule without rewriting the query.

Create a rule from Discover

Open Discover and switch to ES|QL mode.
Write and run an ES|QL query that returns the data you want to monitor.
Review the results to confirm the query captures the pattern you want to alert on.
Click Create rule (or Alerts > Create rule) from the Discover toolbar.
The rule creation form opens with the ES|QL query pre-populated in the evaluation field.
Configure the remaining rule settings:
- Name and description.
- Mode (detect or alert).
- Schedule (execution interval and lookback window).
- Grouping fields if applicable.
- Alert delay, recovery, and no-data settings for alert mode.
- Notification policies to link.
Optionally preview the rule results.
Click Save.

What gets pre-populated

When you create a rule from Discover:

The full ES|QL query from your current Discover session is placed into the rule's base query field.
The index pattern is inferred from the FROM command in your query.
The time range is converted into the rule's lookback window.

You can modify any of these values in the rule form before saving.