[DOCS] Advanced rule query preview option available

[nastasha-solomon]

Description

In 8.3 and earlier, users could only choose three timeframes to preview rule results in: Last hour, Last day, or Last month. Users would select these options from the drop-down under the Quick query preview section and then click Preview results to generate a preview. Full steps are doc'd here.

In 8.4, users will be offered two preview options. The first and default option will be the Quick query preview, which is the "old" rule preview feature. The second will be the new Advanced query preview option. This new option gives users more control over the preview's timeframe, rule interval, and look-back time, providing them with an even more realistic representation of what they can expect to see after they enable the rule.

Related:

• [Security Solution][Detections] Preview Rule: Make it possible to configure the time interval and look-back time kibana#137102
• https://github.com/elastic/security-team/issues/4362

Notes

• The default values for the three fields are:
  • Timeframe: Last 1 hour
  • Runs every (Rule interval): 5 Minutes
  • Additional look-back time: 1 Minutes
• Some rules require certain fields to be set or filled out for the preview option to work:
  • ML: The select job must be running.
  • IM: Indicator mappings must be set.
  • New Terms: The Fields field must have a value.
• Notes on default options and pre-reqs for rule preview to work: https://docs.google.com/spreadsheets/d/13Z9QtTCP6zO4NGWrdSBImL3xnh5ps3fCUHihI-LWb48/edit#gid=0

[nastasha-solomon]

Merged #2251.