Add definitions for matches and matches phrase (#3082) (#3088)

elastic · Jul 19, 2023 · 92aedff · 92aedff
1 parent 0372480
commit 92aedff
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/docs/en/observability/logs-threshold-alert.asciidoc b/docs/en/observability/logs-threshold-alert.asciidoc
@@ -13,9 +13,11 @@ image::images/log-threshold-alert.png[Log threshold alert configuration]
 
 The comparators available for conditions depend on the chosen field. The combinations available are:
 
-- Numeric fields: *more than*, *more than or equals*, *less than*, or *less than or equals*.
-- Aggregatable fields: *is* and *is not*.
-- Non-aggregatable fields: *matches*, *does not match*, *matches phrase*, *does not match phrase*.
+* Numeric fields: *more than*, *more than or equals*, *less than*, or *less than or equals*.
+* Aggregatable fields: *is* or *is not*.
+* Non-aggregatable fields: *matches*, *does not match*, *matches phrase*, *does not match phrase*.
+** *Matches* queries some or all of the contents of your entered value regardless of order. For example, `WITH message MATCHES your example message` looks for messages containing the words `your` and `example` and `message` and returns results with some or all of those words. 
+** *Matches phrase* queries the exact contents of your entered value. For example, `WITH message MATCHES your example message` looks for the phrase `your example message` and returns results with that exact phrase.
 
 There are several key supported use cases. You can create rules based on fields containing or matching a text pattern,
 rules based on a numeric field and arithmetic operator, or a single rule with multiple conditions.