Kseniia Ignatovych
Kseniia Ignatovych
@jpdjere I was thinking more something similar to alert suppression setup interface.
Check the suppression component. Question: what to do if the field is mapped with different types in different indexes? Does the suppression component "know" if field is ecs-compliant and what...
@jpdjere awesome! I like that we can define if the field is ecs-compliant and not have the user fill it in. I assume if one type option is available -...
Thanks @nikitaindik ! Looks good!
@nikitaindik acceptance testing done. Looks good. Thank you!
Thanks @dplumlee! Could you please fix the offset after this new field? It is larger than for the other components:  Would it make sense to mention allowed values in...
> > It shouldn't be possible to set max_signals to a value < MIN_VALUE. Should MIN_VALUE be 0 or 1? > > I feel this should be 1. Allowing 0...
[Here's](https://overview.elastic-cloud.com/app/dashboards#/view/4b79f196-088c-43ac-91c8-4b0375c7b3f0?_g=(refreshInterval%3A(pause%3A!t%2Cvalue%3A60000)%2Ctime%3A(from%3A'2024-08-10T16%3A24%3A55.259Z'%2Cto%3A'2024-08-14T17%3A49%3A26.139Z'))) the evidence about rules hitting max_signals and not saving all alerts, based on cloud telemetry. ( I am looking to find the data for on-prem for this issues.) In...
After more research here're the latest numbers: [doc](https://docs.google.com/document/d/17CTB6-Xx0Of1co2VD_VFxIws_qi5VFTqv7R0ovAl3_A/edit?usp=sharing).
@vitaliidm Some videos here do not open, could you check please?