index=main name=bad thing threat>=80 threat<=100 (alert is created high)
index=main name=bad thing threat>=40 threat<=79 (alert is created med)
index=main name=bad thing threat>=0 threat<=39 (alert is created low)
The threat is a field that I am parsing in my alert search query. Unfortunately, I have to use 3 searches, if not 5, for all of the alert manager "priority" options on the incident posture.
Default urgency for incidents of this alert.
Note: The urgency can be overridden by a field from search results named 'urgency'. Later, the alert manager calculates a priority based on the impact and urgency.
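The note quoted above means one search can set the urgency per result instead of one search per threshold. The following is an added example, not part of the original post or the Alert Manager documentation; it assumes `threat` is numeric in the range 0 to 100, that `name` needs quoting because the value contains a space, and that `low`, `medium` and `high` are the urgency values the alert accepts.

```spl
index=main name="bad thing"
``` Assumption: threat may arrive as a string, so coerce it before comparing ```
| eval threat=tonumber(threat)
``` Drop events where threat is missing, non-numeric or outside the expected range ```
| where isnotnull(threat) AND threat>=0 AND threat<=100
``` Same thresholds as the three separate searches, written to the field named 'urgency' ```
| eval urgency=case(threat>=80, "high", threat>=40, "medium", threat>=0, "low")
```

Events that fail the `where` filter never raise an incident, so a parsing problem in `threat` shows up as missing alerts rather than as mis-prioritized ones.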