When rule is created with group by where at least one of the group by fields is not in the below list, the additional context is not added to the alert. We should add additional context also when some of the group by fields are not in the below list.

• host.name
• host.hostname
• host.id
• kubernetes.pod.uid
• container.id

In the example screenshot below, currently host context is not added to the alert, because there is event.dataset in the group by fields, but we should be able to extract host information in this case and add to the alert's context.