Kibana alerting v2 rule grouping
Grouping splits alert event generation by one or more fields so that each unique combination of field values produces its own alert series. Each series has independent lifecycle tracking, recovery detection, and per-series snooze.
In YAML:
grouping:
  fields: [host.name]
The grouping fields must correspond to the BY clause in your ES|QL query's STATS command.
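One way to check this constraint before a rule is deployed, as an added example that is not part of Kibana or its documentation: it extracts the BY columns from the last STATS command of a query and compares them with the rule's grouping fields. The function names, the sample queries, the simplified parsing (no escaped quotes inside strings), and reading "correspond" as "same set of column names" are all assumptions.

```python
import re

def split_top_level(text, delim):
    """Split on delim, ignoring delimiters inside "..." strings or brackets."""
    parts, depth, quoted, start = [], 0, False, 0
    for i, ch in enumerate(text):
        if ch == '"':
            quoted = not quoted
        elif quoted:
            continue
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
        elif ch == delim and depth == 0:
            parts.append(text[start:i])
            start = i + 1
    parts.append(text[start:])
    return [p.strip() for p in parts]

def stats_by_fields(esql):
    """Column names produced by the BY clause of the last STATS command."""
    stats = [c for c in split_top_level(esql, "|") if re.match(r"(?i)stats\b", c)]
    by = re.search(r"\bBY\b(.*)", stats[-1], re.I | re.S) if stats else None
    if not by:
        return []
    # "alias = expr" yields a column named alias; otherwise the field itself
    return [item.split("=", 1)[0].strip().strip("`")
            for item in split_top_level(by.group(1), ",")]

def check_grouping(grouping_fields, esql):
    """Report grouping fields absent from BY, and BY columns not grouped on."""
    by = stats_by_fields(esql)
    return {
        "missing_from_by": sorted(set(grouping_fields) - set(by)),
        "not_in_grouping": sorted(set(by) - set(grouping_fields)),
    }

# Constructed sample queries (assumptions, not taken from Kibana documentation)
Q_OK = "FROM metrics-* | STATS avg_cpu = AVG(system.cpu.total.pct) BY host.name | WHERE avg_cpu > 0.9"
Q_EXTRA = ('FROM logs-* | WHERE message LIKE "*a|b, c*" '
           "| STATS errors = COUNT(*) BY host.name, bucket = BUCKET(@timestamp, 1 hour)")

if __name__ == "__main__":
    print(check_grouping(["host.name"], Q_OK))
    print(check_grouping(["host.name", "service.name"], Q_OK))
    print(check_grouping(["host.name"], Q_EXTRA))
```

A non-empty missing_from_by list means the rule groups on a field the query never returns; a non-empty not_in_grouping list means the query splits rows by a column the rule does not group on.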