[8.8] Write troubleshooting docs for max alerts warning (backport #3262…

…) (#3327) Co-authored-by: Joe Peeples <joe.peeples@elastic.co> Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
elastic · May 22, 2023 · c74e553 · c74e553
1 parent 4355e73
commit c74e553
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/docs/detections/rules-ui-monitor.asciidoc b/docs/detections/rules-ui-monitor.asciidoc
@@ -69,6 +69,14 @@ You can also use Task Manager in {kib} to troubleshoot background tasks and proc
 * {kibana-ref}/task-manager-health-monitoring.html[Task Manager health monitoring]
 * {kibana-ref}/task-manager-troubleshooting.html[Task Manager troubleshooting]
 
+[float]
+[[troubleshoot-max-alerts]]
+==== Troubleshoot maximum alerts warning
+
+When a rule reaches the maximum number of alerts it can generate during a single rule execution, the following warning appears on the rule's details page and in the rule execution log: `This rule reached the maximum alert limit for the rule execution. Some alerts were not created.` 
+
+If you receive this warning, go to the rule's **Alerts** tab and check for anything unexpected. Unexpected alerts might be created from data source issues or queries that are too broadly scoped. To further reduce alert volume, you can also add <<add-exceptions,rule exceptions>> or <<alert-suppression,suppress alerts>>. 
+
 [float]
 [[troubleshoot-gaps]]
 ==== Troubleshoot gaps