
I would also be interested in this, as we have seen some alerts appearing to stop working and needing to be enabled and disabled to start triggering again.
We started to look at a side server to send spoofed UDP packets with alert triggering criteria, but this wouldn't work for all log sources, like TCP syslog, etc.