Elasticsearch query dsl alert rule to discover search object

Baba_Kourouma · May 27, 2025, 9:01pm

If I created an alert rule using elasticsearch query dsl, how can I get the corresponding search object in Discover so that I can see the logs that triggered this alert?

Tortoise · May 28, 2025, 9:07am

Hello @Baba_Kourouma

Welcome to the community.

Could you please share what is your exact requirement maybe with an example?

You have created an alert using elasticsearch query dsl , to search in discover you can check the query filter used as part of Alert.

Thanks!!

Baba_Kourouma · May 28, 2025, 1:01pm

What I want is to be able to have a link in the action (a slack message) that would take me to discover with a view that is equivalent to the elasticsearch query dsl used in the alert rule.

Thank you!

Tortoise · May 29, 2025, 5:27am

Thanks @Baba_Kourouma for the details.

Please review steps provided in below blog :

Thanks!!

Topic		Replies	Views
Does Search Alert in 7.12 include query? Kibana	5	241	May 6, 2021
DSL query in Kibana Rules does not work the same as from Dev Tools Kibana elastic-stack-alerting	10	723	April 19, 2023
Use ElasticEearch Query as Filter DSL Query in Discover Section of Kibana Kibana	3	806	September 24, 2019
Will the "collapse" clause work in Kibana's Alert type "Query DSL" Kibana elastic-stack-alerting	1	227	June 27, 2023
Create Alert from index data Kibana elastic-stack-alerting	5	1790	August 16, 2022

Elasticsearch query dsl alert rule to discover search object

Related topics