Managing rules

The Rules tab provides a cross-app view of alerting. Different Kibana apps like Observability, Security, Maps and Machine Learning can offer their own rules. The Rules tab provides a central place to:

For more information on alerting concepts and the types of rules and connectors available, see Alerting.

The Rules tab lists all rules in the current space, including summary information about their execution frequency, tags, and type.

The search bar can be used to quickly find rules by name or tag.

The type dropdown lets you filter to a subset of rule types.

The Action type dropdown lets you filter by the type of action used in the rule.

Many rules must be created within the context of a Kibana app like Metrics, APM, or Uptime, but others are generic. Generic rule types can be created in the Rules management UI by clicking the Create button. This will launch a flyout that guides you through selecting a rule type and configuring its properties. Refer to Stack rule types for details on what types of rules are available and how to configure them.

After a rule is created, you can re-open the flyout and change a rule’s properties by clicking the Edit button shown on each row of the rule listing.

The rule listing allows you to quickly mute/unmute, disable/enable, and delete individual rules by clicking the action button.

These operations can also be performed in bulk by multi-selecting rules and clicking the Manage rules button:

Access to rules is granted based on your privileges to alerting-enabled features. See Alerting Security for more information.