[8.16] [Request][Serverless][8.16] Document the new `kibana.alert.rul…

…e.execution.type` field being added for manual runs (backport #5940) (#5973) * [Request][Serverless][8.16] Document the new `kibana.alert.rule.execution.type` field being added for manual runs (#5940) * First draft * Swapped underscore with period (cherry picked from commit c73c723) # Conflicts: # docs/serverless/alerts/alert-schema.mdx * Delete docs/serverless directory and its contents --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
elastic · Oct 23, 2024 · cc203be · cc203be
1 parent 16e5e15
commit cc203be
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/docs/reference/alert-schema.asciidoc b/docs/reference/alert-schema.asciidoc
@@ -195,9 +195,15 @@ Type: string[]
 
 Shows the alert’s estimated timestamp, had the alert been created when the source event initially occurred. The value in this field is determined by the way the rule was run:
 
-* **Scheduled run**: Alerts created by scheduled runs have the same timestamp as the `kibana.alert.rule.execution.timestamp` field, which shows when the rule was executed.
+* **Scheduled run**: Alerts created by scheduled runs have the same timestamp as the `@timestamp` field, which shows when the alert was created.
 * **Manual run**: Alerts created by manual runs have a timestamp that falls within the time range specified for the manual run. For example, if you set a rule to manually run on event data from `10/01/2024 05:00 PM` to `10/07/2024 05:00 PM`, the `kibana.alert.intended_timestamp` value will be a date and time within that range.
 
 Type: date
 
+|N/A | `kibana.alert.rule.execution.type` a| 
+
+Shows if an alert was created by a manual run or a scheduled run. The value can be `manual` or `scheduled`.
+
+Type: keyword
+
 |==============================================