[Security][9.4 & Serverless][DE]: Adds docs for the gaps reason UI and error status#5865
Open
nastasha-solomon wants to merge 10 commits intomainfrom
Open
[Security][9.4 & Serverless][DE]: Adds docs for the gaps reason UI and error status#5865nastasha-solomon wants to merge 10 commits intomainfrom
error status#5865nastasha-solomon wants to merge 10 commits intomainfrom
Conversation
Contributor
🔍 Preview links for changed docs |
Contributor
✅ Vale Linting ResultsNo issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
mdbirnstiehl
approved these changes
Apr 23, 2026
Member
mdbirnstiehl
left a comment
mdbirnstiehl
left a comment
There was a problem hiding this comment.
LGTM overall! I added a couple of suggestions for your consideration.
| | Unfilled gaps duration | Total duration of remaining unfilled or partially filled gaps. The total can change based on the time range you select (data on gaps older than 90 days is not retained). If a rule has no gaps, the column displays a dash (`––`). | | ||
| | Gap fill status | {applies_to}`stack: ga 9.3+` Shows whether unfilled gaps remain, a gap-fill run is in progress, every gap is filled, and more. Refer to the [Gap status](#gap-status) table for the available statuses. | | ||
|
|
||
| #### Gap status [gap-status] |
Member
There was a problem hiding this comment.
Would it make sense to have this as Gap fill status to match the language in the UI and in this docs section?
Comment on lines
+60
to
+64
| | Column | Description | | ||
| |--------|-------------| | ||
| | Last Gap (if any) | How long the most recent gap lasted. | | ||
| | Unfilled gaps duration | Total duration of remaining unfilled or partially filled gaps. The total can change based on the time range you select (data on gaps older than 90 days is not retained). If a rule has no gaps, the column displays a dash (`––`). | | ||
| | Gap fill status | {applies_to}`stack: ga 9.3+` Shows whether unfilled gaps remain, a gap-fill run is in progress, every gap is filled, and more. Refer to the [Gap status](#gap-status) table for the available statuses. | |
Member
There was a problem hiding this comment.
From what I see in the UI, the columns are organized as Gap fill status, Last gap, Unfilled gaps duration. Might be good to match that ordering in the table for scanability?
|
|
||
| These values appear in the **Reason** column on the **Execution results** tab (and in related filters). They also drive which gaps are included in the **Rules with gaps** overview and in automatic gap fill. | ||
|
|
||
| The gap detection scope applies to the whole {{kib}} space. Use it to include or exclude gaps that occurred while a rule was turned off. By default, those gaps are excluded from the overview and from automatic gap fill because they often reflect planned maintenance rather than an unexpected detection failure. |
Member
There was a problem hiding this comment.
Suggested change
| The gap detection scope applies to the whole {{kib}} space. Use it to include or exclude gaps that occurred while a rule was turned off. By default, those gaps are excluded from the overview and from automatic gap fill because they often reflect planned maintenance rather than an unexpected detection failure. | |
| The **Gap detection scope** applies to the whole {{kib}} space. Use it to include or exclude gaps that occurred while a rule was turned off. By default, those gaps are excluded from the overview and from automatic gap fill because they often reflect planned maintenance rather than an unexpected detection failure. |
Just noticed this is how it's formatted in the list above and in the note below.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #5789 and #5747 by adding docs for the gaps reason UI and
errorstatus.Previews
Generative AI disclosure
Cursor + Composer