diff --git a/docs/detections/rules-ui-monitor.asciidoc b/docs/detections/rules-ui-monitor.asciidoc index 43240ad5d4..fefd007ce0 100644 --- a/docs/detections/rules-ui-monitor.asciidoc +++ b/docs/detections/rules-ui-monitor.asciidoc 
@@ -31,7 +31,7 @@ TIP: To sort the rules list, click any column header. To sort in descending orde For detailed information on a rule, the alerts it generated, and associated errors, click on its name in the table. This also allows you to perform the same actions that are available on the <>, such as modifying or deleting rules, activating or deactivating rules, exporting or importing rules, and duplicating prebuilt rules. -For information about rule execution gaps (which are periods of time when a rule didn't run), use the panel above the table. The time filter on the left allows you to select a time range for viewing gap data. The **Total rules with gaps:** field tells you how many rules have unfilled or partially filled gaps within the selected time range. The **Only rules with gaps** filter on the right lets you only display rules with unfilled or partially filled gaps. +For information about rule execution gaps (which are periods of time when a rule didn't run), use the panel above the table. The time filter on the left allows you to select a time range for viewing gap data. The **Total rules with gaps:** field provides two metrics. The metric on the left tells you the remaining number of rules with unfilled gaps. The metric on the right tells you the number of rules that are having their gaps resolved. The **Only rules with gaps** filter on the right lets you only display rules with unfilled or partially filled gaps. Within the table, the **Last Gap (if any)** column conveys how long the most recent gap for a rule lasted. The **Unfilled gaps duration** column shows whether a rule still has gaps and provides a total sum of the remaining unfilled or partially filled gaps. The total sum can change based on the time range that you select in the panel above the table. If a rule has no gaps, the columns display a dash (`––`). 
@@ -77,13 +77,13 @@ Use these controls to filter what's included in the logs table: [[gaps-table]] ==== Gaps table -beta::[] - Gaps in rule executions are periods of time where a rule didn’t run. They can be caused by various disruptions, including system updates, rule failures, or simply turning off a rule. Addressing gaps is essential for maintaining consistent coverage and avoiding missed alerts. TIP: Refer to the <> section for strategies for avoiding gaps. -Use the information in the Gaps table to assess the scope and severity of rule execution gaps. To control what's shown in the table, you can filter the table by gap status, select a time range for viewing gap data, and sort multiple columns. +Use the information in the Gaps table to assess the scope and severity of rule execution gaps. To control what's shown in the table, you can filter the table by gap status, select a time range for viewing gap data, and sort multiple columns. Click **Fill all gaps** to start manual runs that fill the rule's existing gaps. + +NOTE: To fill gaps for multiple rules, go to the Rules page, filter the table to only show rules with gaps, select the appropriate rules, then click **Bulk actions > Fill gaps**. [role="screenshot"] image::images/gaps-table.png[Gaps table on the rule execution results tab]
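Review bot: In the first hunk (`@@ -31,7 +31,7 @@`), the new description of the left-hand **Total rules with gaps:** metric counts only rules with "unfilled gaps", while the **Only rules with gaps** sentence right after it and the **Unfilled gaps duration** paragraph below still say "unfilled or partially filled gaps". Please state whether rules with partially filled gaps are counted on the left, and whether a rule counted on the right is excluded from the left, so a reader can tell if the two numbers overlap. "Having their gaps resolved" is also a new term. The rest of the page talks about gaps being filled, so "rules whose gaps are currently being filled" would be consistent, and "the remaining number of rules" reads better as "the number of rules that still have unfilled gaps".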
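Review bot: In the second hunk (`@@ -77,13 +77,13 @@`), the added sentence "Click **Fill all gaps** to start manual runs that fill the rule's existing gaps" does not say whether the action is limited to the gap status filter and time range described in the same paragraph or covers every gap the rule has. That scope matters to anyone relying on the table to confirm detection coverage, so it should be stated. "The rule's" also has no antecedent in this paragraph. Something like "the gaps for the rule you are viewing" would fix that. In the NOTE, name the filter as the first hunk does (**Only rules with gaps**) rather than "filter the table to only show rules with gaps". Since this hunk also drops `beta::[]`, please confirm that **Fill all gaps** and **Bulk actions > Fill gaps** are out of beta too, not only the table itself.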