diff --git a/_data/rules.yml b/_data/rules.yml
index 4d0d9f4..a2f7fe1 100644
--- a/_data/rules.yml
+++ b/_data/rules.yml
@@ -1135,12 +1135,12 @@ groups:
                 for: 10m       
               - name: Elasticsearch High Indexing Rate
                 description: "The indexing rate on Elasticsearch cluster is higher than the threshold."
-                query: "elasticsearch_indices_indexing_index_total > 100000"
+                query: "sum(irate(elasticsearch_indices_indexing_index_total))[1m]> 100000"
                 severity: warning
                 for: 5m     
               - name: Elasticsearch High Query Rate
                 description: "The query rate on Elasticsearch cluster is higher than the threshold."
-                query: "elasticsearch_indices_search_query_total > 100000"
+                query: "sum(irate(elasticsearch_indices_search_query_total))[1m] > 100000"
                 severity: warning
                 for: 5m
               - name: Elasticsearch High Query Latency