IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Create a tracking containment rule
editCreate a tracking containment rule
editThe tracking containment rule alerts when an entity is contained or no longer contained within a boundary.
Requirements
editTo create a tracking containment rule, the following requirements must be present:
-
Entities index: An index containing a
geo_point
orgeo_shape
field,date
field, and entity identifier. An entity identifier is akeyword
,number
, orip
field that identifies the entity. Entity data is expected to be updating so that there are entity movements to alert upon. -
Boundaries index: An index containing
geo_shape
data. Boundaries data is expected to be static (not updating). Boundaries are collected once when the rule is created and anytime after when boundary configuration is modified.
Entity locations are queried to determine if they are contained within any monitored boundaries.
Entity data should be somewhat "real time", meaning the dates of new documents aren’t older
than the current time minus the amount of the interval. If data older than
now - <current interval>
is ingested, it won’t trigger a rule.
Actions
editA rule can be triggered either when a containment condition is met or when an entity is no longer contained.