[DOCS] [7.16] Provide more details on how to start ML job to avoid ML detection rule execution failure (#1160) (#1219)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <[email protected]>

Co-authored-by: Janeen Mikell-Straughn <[email protected]>
(cherry picked from commit b91a2a0)

Co-authored-by: Joe Peeples <[email protected]>

Author: mergify[bot]

docs/detections/images/rule-start-ml-job.png

@@ -6,15 +6,6 @@ Rules run periodically and search for source events, matches, sequences, or {ml}
 that meet their criteria. When a rule's criteria are met, a detection alert is
 created.
 
-[IMPORTANT]
-==============
-To create or edit {ml} rules, you must have the
-https://www.elastic.co/subscriptions[appropriate license] or use a
-{ess-trial}[cloud deployment]. Additionally, you must have the
-{ref}/built-in-roles.html[`machine_learning_admin`] user role, and the selected
-{ml} job must be running for the rule to function correctly.
-==============
-
 You can create the following types of rules:
 
 * <<create-custom-rule, *Custom query*>>: Query-based rule, which searches the defined indices and
@@ -108,15 +99,30 @@ image::images/create-new-rule.png[]
 [discrete]
 [[create-ml-rule]]
 ==== Create a machine learning rule
+
+[IMPORTANT]
+==============
+To create or edit {ml} rules, you must have the https://www.elastic.co/subscriptions[appropriate license] or use a
+{ess-trial}[cloud deployment]. Additionally, you must have the {ref}/built-in-roles.html[`machine_learning_admin`] user 
+role, and the selected {ml} job must be running for the rule to function correctly.
+==============
+
 . To create a rule based on a {ml} anomaly threshold, select *Machine Learning*,
 then select:
 .. The required {ml} job(s).
 .. The anomaly score threshold above which alerts are created.
+. Make sure that the {ml} jobs required for the rule are running. If a required {ml} job is not running, an alert is displayed.
+.. Select **ML job settings** in the upper-right corner of the page, then search for the required {ml} job.
+.. Turn on the **Run job** switch for the required {ml} job.
++
+[role="screenshot"]
+image::images/rule-start-ml-job.png[]
++
 . Click **Continue**, then proceed with <<rule-ui-basic-params, configuring basic rule settings>>.
 
 [discrete]
 [[create-custom-rule]]
-==== Create a custom rule
+==== Create a custom query rule
 . To create a rule based on a KQL or Lucene query, select *Custom query*,
 then:
 .. Define which {es} indices the rule searches for alerts.

docs/detections/rules-ui-create.asciidoc

@@ -3,6 +3,31 @@
 
 This topic covers common troubleshooting issues when creating or managing <<rules-ui-create, detection rules>>.
 
+[discrete]
+[[ML-rules-ts]]
+=== {ml-cap} rules
+
+[discrete]
+[[start-ML-jobs-ts]]
+.{ml-cap} rule is failing and a required {ml} job is stopped
+[%collapsible]
+====
+If a {ml} rule is failing, check to make sure the required {ml} jobs are running and start any jobs that have stopped.
+
+. Go to **Detect** -> **Rules**, then select the {ml} rule. The required {ml} jobs and their statuses are listed in the Definition section.
++
+[role="screenshot"]
+image::images/rules-ts-ml-job-stopped.png[]
++
+. If a required {ml} job isn't running, select **ML job settings** in the upper-right corner of the page, then search for the {ml} job.
+. Turn on the **Run job** switch for the required {ml} job.
++
+[role="screenshot"]
+image::images/rules-ts-start-ml-job.png[]
++
+. Rerun the {ml} detection rule.
+====
+
 [discrete]
 [[IM-match-rules-ts]]
 === Indicator match rules