From c4cba0cd6c657afd2068d9603523ee8734852fcd Mon Sep 17 00:00:00 2001 From: Jan Drees Date: Fri, 27 Sep 2024 09:48:38 +0200 Subject: [PATCH 1/3] Add timestamp_field to the documentation --- docs/source/ruletypes.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 8b57fe1e..60bc8a32 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -142,6 +142,8 @@ Rule Configuration Cheat Sheet +--------------------------------------------------------------+ + | ``buffer_time`` (time, default from config.yaml) | | +--------------------------------------------------------------+ | +| ``timestamp_field`` (string, default "@timestamp") | | ++--------------------------------------------------------------+ | | ``timestamp_type`` (string, default iso) | | +--------------------------------------------------------------+ | | ``timestamp_format`` (string, default "%Y-%m-%dT%H:%M:%SZ") | | @@ -971,6 +973,14 @@ summary_suffix ``summary_suffix``: Specify a suffix string, which will be added after the aggregation summary table. This string is currently not subject to any formatting. +timestamp_field +^^^^^^^^^^^^^^ + +``timestamp_field``: Specify the name of the document field containing the timestamp. +By default, the field ``@timestamp`` is used to query Elasticsearch. +If ``timestamp_field`` is set, this date field will be considered whenever querying, filtering and aggregating based on timestamps. +(Optional, string, default @timestamp). + timestamp_type ^^^^^^^^^^^^^^ From 5ba2087795985add93831c0bbd7a05c377746667 Mon Sep 17 00:00:00 2001 From: Jan Drees Date: Fri, 27 Sep 2024 11:58:41 +0200 Subject: [PATCH 2/3] Add doc change to CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 061559e0..82a03798 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,6 +8,7 @@ ## Other changes - [Docs] Mention the two available Spike-rule metrics that are add into the match record - [#1542](https://github.com/jertel/elastalert2/pull/1542) - @ulmako +- [Docs] Add missing documentation of the timestamp_field option - [#1544](https://github.com/jertel/elastalert2/pull/1544) - @apollolv # 2.20.0 From bd1689a7078c5fb0b6c5f16cf22be3e55144687e Mon Sep 17 00:00:00 2001 From: Jan Drees Date: Fri, 27 Sep 2024 12:10:58 +0200 Subject: [PATCH 3/3] Add a missing ^ in the docs --- docs/source/ruletypes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 60bc8a32..890fe82c 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -974,7 +974,7 @@ summary_suffix ``summary_suffix``: Specify a suffix string, which will be added after the aggregation summary table. This string is currently not subject to any formatting. timestamp_field -^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^ ``timestamp_field``: Specify the name of the document field containing the timestamp. By default, the field ``@timestamp`` is used to query Elasticsearch.
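Review bot: in the second hunk of PATCH 1/3 (the new ``timestamp_field`` section in docs/source/ruletypes.rst), the heading underline is one character short: ``timestamp_field`` is 15 characters and the underline is 14 carets, which docutils rejects with "Title underline too short" until PATCH 3/3 repairs it. Two smaller points in the same hunk: the default is written as ``default "@timestamp"`` in the cheat-sheet row but as ``default @timestamp`` in the section text, so pick one form; and the sentence "this date field will be considered whenever querying, filtering and aggregating based on timestamps" would help readers more if it said whether ``timestamp_type`` and ``timestamp_format`` (the two options documented right after it) are what ElastAlert uses to parse this field's values. Because this field is what the query's time range is applied to, it is also worth a one-line caveat that pointing it at an event-supplied time rather than the ingest time means backdated or late-arriving documents may land outside the query window.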
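Review bot: PATCH 3/3 only adds the missing caret to the ``timestamp_field`` underline introduced in PATCH 1/3, so squash it into the first commit before merge; as submitted, the intermediate commit leaves the docs build with a warning, and a standalone "Add a missing ^ in the docs" commit in history carries no information of its own.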