--- title: Kibana alerting v2 rules description: What {{alerting-v2}} rules are, how evaluation works, and how rules connect to alerts and notifications. url: https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/5528/explore-analyze/alerting/kibana-alerting-v2/rules-v2 products: - Kibana applies_to: - Elastic Cloud Serverless: Preview - Elastic Stack: Unavailable --- # Kibana alerting v2 rules A rule is where Kibana alerting v2 starts. It points Kibana at the data you care about, describes what counts as a problem in ES|QL, and says how often to check. Alerts, action policies, and notifications all flow from what a rule detects. ## What rules do On each run, a rule executes an ES|QL query against your data. If the query finds a match and the rule is in Detect mode, it writes a _signal_, a point-in-time record that the condition was met. In Alert mode, it also maintains an _alert episode_ for each matched series, tracking state from first breach through recovery. When creating a rule, choose Detect mode to record and query results without alerting anyone, or Alert mode when you want to track issues and route notifications. ## What rules don't do Rules only define *what* to detect. They don't control notifications, who gets notified, or when. That's the job of action policies — global objects, scoped to your space, that match episodes from any rule. A rule has no say in which policies pick it up. This separation means you can build and test a rule without anyone getting paged, update notification routing without touching the rule, and have multiple action policies respond to the same rule independently. ## Next steps - **[Author rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/5528/explore-analyze/alerting/kibana-alerting-v2/rules/author-rules-v2):** Write the ES|QL query, choose Detect or Alert mode, and structure your data sources and conditions. - **[View and manage rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/5528/explore-analyze/alerting/kibana-alerting-v2/rules/view-manage-rules-v2):** Enable, disable, clone, delete, and bulk-manage rules from the rules list.