[Metrics Alerts] Fix alerting on a rate aggregation (elastic#58789)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

x-pack/plugins/infra/server/lib/alerting/metric_threshold/register_metric_threshold_alert_type.ts

@@ -6,6 +6,7 @@
 import uuid from 'uuid';
 import { i18n } from '@kbn/i18n';
 import { schema } from '@kbn/config-schema';
+import { networkTraffic } from '../../../../common/inventory_models/shared/metrics/snapshot/network_traffic';
 import {
   MetricThresholdAlertTypeParams,
   Comparator,
@@ -26,6 +27,17 @@ async function getMetric(
   { metric, aggType, timeUnit, timeSize, indexPattern }: MetricThresholdAlertTypeParams
 ) {
   const interval = `${timeSize}${timeUnit}`;
+  const aggregations =
+    aggType === 'rate'
+      ? networkTraffic('aggregatedValue', metric)
+      : {
+          aggregatedValue: {
+            [aggType]: {
+              field: metric,
+            },
+          },
+        };
+
   const searchBody = {
     query: {
       bool: {
@@ -50,13 +62,7 @@ async function getMetric(
           field: '@timestamp',
           fixed_interval: interval,
         },
-        aggregations: {
-          aggregatedValue: {
-            [aggType]: {
-              field: metric,
-            },
-          },
-        },
+        aggregations,
       },
     },
   };