Kibana alerting v2 rule settings

Rule settings control how a Kibana alerting v2 rule evaluates data, manages alert lifecycle, and routes notifications. This page provides an overview of all configurable settings. Refer to the linked pages for detailed guidance on each.

Schedule and lookback

The schedule and lookback settings control how often the rule runs and how far back it looks when evaluating data.

Activation and recovery thresholds

Activation and recovery thresholds prevent transient conditions from creating actionable alerts and prevent rapid toggling between active and recovered states.

No-data handling

No-data handling controls what happens when the rule query returns no results.

Grouping

Grouping splits alert event generation by one or more fields. Each unique combination produces its own alert series with independent lifecycle tracking.

Notification policies

Notification policies are standalone entities that control how alerts reach people and systems.

Workflows

Workflows are automated sequences of tasks. Rules can link to workflows directly for rule-triggered actions.