---
title: Set up the experimental alerting features
description: Get the {{alerting-v2}} running in your space: enable the UI, confirm data streams, then understand spaces, API keys, and privileges.
url: https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6522/explore-analyze/alerting/kibana-alerting-experimental/setup-alerting
products:
  - Elastic Cloud Serverless
  - Kibana
applies_to:
  - Elastic Cloud Serverless: Preview
  - Elastic Stack: Unavailable
---

# Set up the experimental alerting features

Setup is part of the experimental alerting features in Kibana. Before you can create your first rule, the experimental alerting features need to be enabled in your space and a few background systems need to be in place. Rules rely on two data streams to store their output, API keys to run with the right privileges, and space scoping to keep objects organized. Getting these right up front means your rules will run cleanly and their output will be queryable from the start.

If you want to jump straight to creating a rule, go to [Quick start](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6522/explore-analyze/alerting/kibana-alerting-experimental/quick-start-alerting). For privilege requirements, refer to [Experimental alerting features privileges](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6522/explore-analyze/alerting/kibana-alerting-experimental/alerting-privileges).

## Enable the experimental alerting features

The experimental alerting features are available in technical preview in Elastic Stack 9.5 and in Serverless.

## Where rule events are stored

The experimental alerting features automatically create and manage two data streams when the first rule runs. You don't need to create them manually.

| Data stream      | What it stores                                                                                         |
|------------------|--------------------------------------------------------------------------------------------------------|
| `.rule-events`   | A record for every rule evaluation. One document per result row, per run. Never updated in place.      |
| `.alert-actions` | Records for acknowledge, snooze, deactivate, fire, suppress, and other audit and suppression tracking. |

Both data streams are hidden system data streams. To query them in Discover, prefix the name with `$`:

```esql
FROM $`.rule-events`
| WHERE rule.id == "<your-rule-id>"
| SORT @timestamp DESC
| LIMIT 10
```

After your first rule runs, use the query above in Discover to confirm documents are appearing. If nothing appears after a few seconds, check that the rule is enabled and that your ES|QL query returns results when run independently.

## Spaces

Rules and action policies are space-scoped. Objects you create in one space are not visible in another. Alert events are stored globally, but the UI filters what you see by space.

## API keys

Saving a rule or action policy automatically creates an API key that is used to run it. The key inherits the privileges of the user who saved the object. If those privileges change over time, update the key from the rule or policy management UI.

## Next steps

When you're ready to go further, these can be done in any order: