[Internal][Security][Gap Fill]: Update documentation regarding new aggregated gap status + Auto gap fill #3969

@nkhristinin

Description

Gap fill status

What: We’re introducing a new aggregated gap status in the rules table, along with the ability to filter the table by this status. This is why we remove the "show rules with unfilled gaps" button. We’re also removing the date picker from the gap overview panel and setting the default date range to 90 days.

How the new status works (if gaps exist for a rule):
unfilled > in_progress > filled

If any unfilled gap exists, the rule is marked unfilled.
Otherwise, if any gap is in progress, it is in_progress.
Otherwise, the rule is filled.

Gap auto fill

Users can enable gap auto fill from the Rules page -> Setting -> Enable.

It will create a task which will run every 5 minutes and schedule gap fills.

Users can see logs for gap auto fill scheduler.

Possible statuses:

Success - all gap fills are scheduled successfully
Error - the task failed, or a gap fill for any rule failed to schedule
No gaps - there are no rules with gaps
Skipped - we reached the limit for the number of gap fills we can schedule, or there are gaps but the rules are disabled and we can't schedule them

When:
For gap fill status - (release after 15 of December in serverless or 9.3 ESS)
For auto gap fill - 9.3

Why:
For gap fill status - To display the gap status for each rule directly in the table and allow filtering by any status.
For auto gap fill - to help users automate the process of gap filling

Resources

Gap fill status: elastic/kibana#242595
Gap auto fill: elastic/kibana#244719

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

The same

What release is this request related to?

N/A

Serverless release

After PR is merged

Collaboration model

The documentation team

Point of contact.

Main contact: @nkhristinin

Stakeholders: @approksiu @ARWNightingale

Metadata

Labels

Team:Experience - Issues owned by the Experience Docs Team
