An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title					Description	Details
Policy Name *					Name of the alerting policy. This must be unique per hierarchy.	Field Name: name Type: String MaxLength: 255
Description					Provide a brief description of this policy.	Field Name: description Type: String MaxLength: 2048
Enabled					Is this policy enabled?	Field Name: enabled Type: Boolean
	Filters				Global filters to apply before processing policy rules.	Field Name: policy_filters.[n] Type: Array
		Name				Field Name: policy_filters.[n].description Type: String
		Location *				Field Name: policy_filters.[n].location Type: String Choices: ["Header", "Raw log"]
		Pattern Type *				Field Name: policy_filters.[n].pattern_type Type: String Choices: ["Match", "Match/Extract"]
		Pattern			Header name or regular expression for raw logs.	Field Name: policy_filters.[n].pattern Type: String
		Function				Field Name: policy_filters.[n].function Type: String Choices: ["Greater Than", "Less Than", "Same"]
		Function Value				Field Name: policy_filters.[n].function_value Type: Integer
		Token			used for alert message output order	Field Name: policy_filters.[n].token Type: Integer
	Enrichment				Enrich the alert with table details or additional verbage.	Field Name: enrichment.[n] Type: Array
		Location *				Field Name: enrichment.[n].location Type: String Choices: ["table", "custom"]
		Item				Field Name: enrichment.[n].item Type: String
		Token			used for alert message output order	Field Name: enrichment.[n].token Type: Integer
	Alerting Rules					Field Name: AlertingRules.[n] Type: Array
		Policy *			The alerting policy this rule belongs to.	Field Name: AlertingRules.[n].policy Type: String Target: data/AlertingPolicy Target attr: name Format: uri
		Rule Name *			Name of the alerting rule. This must be unique per policy.	Field Name: AlertingRules.[n].name Type: String MaxLength: 255
		Description			Provide a brief description of this Alerting Rule.	Field Name: AlertingRules.[n].description Type: String MaxLength: 8192
		Rule Type				Field Name: AlertingRules.[n].rule_type Type: String Choices: ["Simple", "Compound"]
		Alarm Id				Field Name: AlertingRules.[n].alarm_id Type: Integer
		Coorelation Type				Field Name: AlertingRules.[n].coorelation_type Type: String Choices: ["Simple", "Complex"]
		Enabled				Field Name: AlertingRules.[n].enabled Type: Boolean
		Inherit Output			If you want filter data included?	Field Name: AlertingRules.[n].inherit Type: Boolean
		Halt Processing			Halt processing in this policy group on match?	Field Name: AlertingRules.[n].halt_processing_on_match Type: Boolean
		Window				Field Name: AlertingRules.[n].window Type: Integer Choices: ["30 seconds", "1 minute", "5 minutes", "10 minutes", "30 minutes", "1 hour", "2 hours", "4 hours", "8 hours", "12 hours", "24 hours"]
		Severity				Field Name: AlertingRules.[n].severity Type: String Choices: ["Informational", "Minor", "Major", "Critical"]
		Threshold				Field Name: AlertingRules.[n].threshold Type: Integer
		Search Filter				Field Name: AlertingRules.[n].search_filter Type: String
			Definitions		Definitions.	Field Name: rule_definitions.[n] Type: Array
				Name		Field Name: AlertingRules.[n].rule_definitions.[n].description Type: String
				Location *		Field Name: AlertingRules.[n].rule_definitions.[n].location Type: String Choices: ["Header", "Raw log"]
				Pattern Type *		Field Name: AlertingRules.[n].rule_definitions.[n].pattern_type Type: String Choices: ["Match", "Match/Extract"]
				Pattern	Header name or regular expression for raw logs.	Field Name: AlertingRules.[n].rule_definitions.[n].pattern Type: String
				Function		Field Name: AlertingRules.[n].rule_definitions.[n].function Type: String Choices: ["Greater Than", "Less Than", "Same"]
				Function Value		Field Name: AlertingRules.[n].rule_definitions.[n].function_value Type: Integer
				Token	used for alert message output order	Field Name: AlertingRules.[n].rule_definitions.[n].token Type: Integer
			Enrichment		Enrich the alert with table details or additional verbage.	Field Name: enrichment.[n] Type: Array
				Location *		Field Name: AlertingRules.[n].enrichment.[n].location Type: String Choices: ["table", "custom"]
				Item		Field Name: AlertingRules.[n].enrichment.[n].item Type: String
				Token	used for alert message output order	Field Name: AlertingRules.[n].enrichment.[n].token Type: Integer
		Response Procedure *			The response procedure for this alert rule.	Field Name: AlertingRules.[n].response_procedure Type: String Target: data/AlertingResponseProcedure Target attr: name Format: uri
		Grafana Rule			The grafana rule for this for this alert rule. TODO reference new model.	Field Name: AlertingRules.[n].grafana_rule Type: String

Model: relation/AlertingPolicyToRule

Model Details: relation/AlertingPolicyToRule