Query alerts and signals in Discover

Querying alerts and signals in Discover is part of the experimental alerting features in Kibana. Discover gives you direct ES|QL access to everything those features record, including rule evaluation history, episode progressions, triage actions, and operational metrics like mean time to acknowledge.

The Alerts UI shows current episode state. Discover lets you go further: ask arbitrary questions, spot trends over time, replay how a specific incident unfolded, or correlate alert history with other data in your environment.

To use this page, open Discover, select ES|QL, paste a query from the examples below, then adjust the time range and placeholders (YOUR_RULE_ID, YOUR_GROUP_HASH) to match your environment.