diff --git a/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.test.ts b/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.test.ts
index 1136d5408f3d9..dad1263e73772 100644
--- a/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.test.ts
+++ b/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.test.ts
@@ -15,6 +15,7 @@ import {
   ExecutionUuidAggResult,
   getExecutionKPIAggregation,
   formatExecutionKPIResult,
+  getExecutionLogRuntimeMappings,
 } from './get_execution_log_aggregation';
 
 describe('formatSortForBucketSort', () => {
@@ -273,16 +274,15 @@ describe('getExecutionLogAggregation', () => {
                   outcomeAndMessage: {
                     top_hits: {
                       size: 1,
-                      _source: {
-                        includes: [
-                          'kibana.alerting.outcome',
-                          'message',
-                          'error.message',
-                          'kibana.version',
-                          'rule.id',
-                          'rule.name',
-                        ],
-                      },
+                      _source: false,
+                      fields: [
+                        'kibana.alerting.outcome',
+                        'message',
+                        'error.message',
+                        'kibana.version',
+                        'rule.id',
+                        'rule.name',
+                      ],
                     },
                   },
                 },
@@ -478,16 +478,15 @@ describe('getExecutionLogAggregation', () => {
                   outcomeAndMessage: {
                     top_hits: {
                       size: 1,
-                      _source: {
-                        includes: [
-                          'kibana.alerting.outcome',
-                          'message',
-                          'error.message',
-                          'kibana.version',
-                          'rule.id',
-                          'rule.name',
-                        ],
-                      },
+                      _source: false,
+                      fields: [
+                        'kibana.alerting.outcome',
+                        'message',
+                        'error.message',
+                        'kibana.version',
+                        'rule.id',
+                        'rule.name',
+                      ],
                     },
                   },
                 },
@@ -683,16 +682,15 @@ describe('getExecutionLogAggregation', () => {
                   outcomeAndMessage: {
                     top_hits: {
                       size: 1,
-                      _source: {
-                        includes: [
-                          'kibana.alerting.outcome',
-                          'message',
-                          'error.message',
-                          'kibana.version',
-                          'rule.id',
-                          'rule.name',
-                        ],
-                      },
+                      _source: false,
+                      fields: [
+                        'kibana.alerting.outcome',
+                        'message',
+                        'error.message',
+                        'kibana.version',
+                        'rule.id',
+                        'rule.name',
+                      ],
                     },
                   },
                 },
@@ -780,17 +778,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'S4wIZX8B8TGQpG7XQZns',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -867,18 +859,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'a4wIZX8B8TGQpG7Xwpnz',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -1027,22 +1012,14 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'S4wIZX8B8TGQpG7XQZns',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'failure',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'failure',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'failure',
                             message:
                               "rule execution failure: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
-                            error: {
-                              message: 'I am erroring in rule execution!!',
-                            },
+                            'error.message': 'I am erroring in rule execution!!',
                           },
                         },
                       ],
@@ -1117,17 +1094,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'a4wIZX8B8TGQpG7Xwpnz',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -1276,17 +1247,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'dJkWa38B1ylB1EvsAckB',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -1358,17 +1323,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'a4wIZX8B8TGQpG7Xwpnz',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -1517,17 +1476,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: '7xKcb38BcntAq5ycFwiu',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -1604,17 +1557,11 @@ describe('formatExecutionLogResult', () => {
                           _index: '.kibana-event-log-8.2.0-000001',
                           _id: 'zRKbb38BcntAq5ycOwgk',
                           _score: 1.0,
-                          _source: {
-                            rule: { id: 'a348a740-9e2c-11ec-bd64-774ed95c43ef', name: 'rule_name' },
-                            event: {
-                              outcome: 'success',
-                            },
-                            kibana: {
-                              version: '8.2.0',
-                              alerting: {
-                                outcome: 'success',
-                              },
-                            },
+                          fields: {
+                            'rule.id': 'a348a740-9e2c-11ec-bd64-774ed95c43ef',
+                            'rule.name': 'rule_name',
+                            'kibana.version': '8.2.0',
+                            'kibana.alerting.outcome': 'success',
                             message:
                               "rule executed: example.always-firing:a348a740-9e2c-11ec-bd64-774ed95c43ef: 'test rule'",
                           },
@@ -2298,3 +2245,28 @@ describe('formatExecutionKPIAggBuckets', () => {
     });
   });
 });
+
+describe('getExecutionLogRuntimeMappings', () => {
+  test('should correctly generate runtime field mappings', () => {
+    expect(getExecutionLogRuntimeMappings()).toMatchInlineSnapshot(`
+      Object {
+        "kibana.alerting.outcome": Object {
+          "script": Object {
+            "source": "
+                def kibana = params._source['kibana'];
+                if (kibana.alerting == null || (kibana.alerting != null && kibana.alerting.outcome == null)) {
+                  def event = params._source['event'];
+                  if (event.outcome != null)
+                    emit(event.outcome);
+                } else {
+                  if (kibana.alerting != null && params._source['kibana'].alerting.outcome != null) {
+                    emit(kibana.alerting.outcome)
+                  }
+                }",
+          },
+          "type": "keyword",
+        },
+      }
+    `);
+  });
+});
diff --git a/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.ts b/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.ts
index 39c9e302c3d42..5b7f87faf41fd 100644
--- a/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.ts
+++ b/x-pack/plugins/alerting/server/lib/get_execution_log_aggregation.ts
@@ -8,7 +8,7 @@
 import { KueryNode } from '@kbn/core-saved-objects-api-server';
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import Boom from '@hapi/boom';
-import { flatMap, get } from 'lodash';
+import { flatMap, get, head } from 'lodash';
 import { AggregateEventsBySavedObjectResult } from '@kbn/event-log-plugin/server';
 import { fromKueryExpression, toElasticsearchQuery } from '@kbn/es-query';
 import { parseDuration } from '.';
@@ -428,12 +428,14 @@ export function getExecutionLogRuntimeMappings(): estypes.MappingRuntimeFields {
       type: 'keyword',
       script: {
         source: `
-          if (params._source['kibana'].alerting != null && params._source['kibana'].alerting.outcome == null) {
-            if (params._source['event'].outcome != null)
-              emit(params._source['event'].outcome);
+          def kibana = params._source['kibana'];
+          if (kibana.alerting == null || (kibana.alerting != null && kibana.alerting.outcome == null)) {
+            def event = params._source['event'];
+            if (event.outcome != null)
+              emit(event.outcome);
           } else {
-            if (params._source['kibana'].alerting != null && params._source['kibana'].alerting.outcome != null) {
-              emit(params._source['kibana'].alerting.outcome)
+            if (kibana.alerting != null && params._source['kibana'].alerting.outcome != null) {
+              emit(kibana.alerting.outcome)
             }
           }`,
       },
@@ -485,15 +487,15 @@ function formatExecutionLogAggBucket(bucket: IExecutionUuidAggBucket): IExecutio
     actionExecutionOutcomes.find((subBucket) => subBucket?.key === 'failure')?.doc_count ?? 0;
 
   const outcomeAndMessage = bucket?.ruleExecution?.outcomeAndMessage?.hits?.hits[0]?.fields ?? {};
-  const status = outcomeAndMessage['kibana.alerting.outcome'] ?? '';
+  const status: string = head(outcomeAndMessage['kibana.alerting.outcome']) ?? '';
+  const outcomeMessage: string = head(outcomeAndMessage.message) ?? '';
+  const outcomeErrorMessage: string = head(outcomeAndMessage['error.message']) ?? '';
   const message =
-    status === 'failure'
-      ? `${outcomeAndMessage.message ?? ''} - ${outcomeAndMessage['error.message'] ?? ''}`
-      : outcomeAndMessage.message ?? '';
-  const version = outcomeAndMessage['kibana.version'] ?? '';
+    status === 'failure' ? `${outcomeMessage} - ${outcomeErrorMessage}` : outcomeMessage;
+  const version: string = head(outcomeAndMessage['kibana.version']) ?? '';
 
-  const ruleId = outcomeAndMessage['rule.id'] ?? '';
-  const ruleName = outcomeAndMessage['rule.name'] ?? '';
+  const ruleId: string = head(outcomeAndMessage['rule.id']) ?? '';
+  const ruleName: string = head(outcomeAndMessage['rule.name']) ?? '';
   return {
     id: bucket?.key ?? '',
     timestamp: bucket?.ruleExecution?.executeStartTime.value_as_string ?? '',
diff --git a/x-pack/plugins/alerting/server/rules_client/rules_client.ts b/x-pack/plugins/alerting/server/rules_client/rules_client.ts
index 39f9cb38322c8..0dd06b095655b 100644
--- a/x-pack/plugins/alerting/server/rules_client/rules_client.ts
+++ b/x-pack/plugins/alerting/server/rules_client/rules_client.ts
@@ -982,7 +982,8 @@ export class RulesClient {
             perPage,
             sort,
           }),
-        }
+        },
+        getExecutionLogRuntimeMappings()
       );
 
       return formatExecutionLogResult(aggResult);
@@ -1113,7 +1114,8 @@ export class RulesClient {
           start: parsedDateStart.toISOString(),
           end: parsedDateEnd.toISOString(),
           aggs: getExecutionKPIAggregation(filter),
-        }
+        },
+        getExecutionLogRuntimeMappings()
       );
 
       return formatExecutionKPIResult(aggResult);
diff --git a/x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts b/x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts
index 0fcc5c55413cb..459dd9d266d0b 100644
--- a/x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts
+++ b/x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts
@@ -610,6 +610,7 @@ describe('queryEventsBySavedObject', () => {
           { sort_field: 'event.end', sort_order: 'desc' },
         ],
       },
+      runtimeMappings: {},
     };
     const result = await clusterClientAdapter.queryEventsBySavedObjects(options);
 
@@ -694,6 +695,7 @@ describe('aggregateEventsBySavedObject', () => {
       index: 'index-name',
       body: {
         size: 0,
+        runtime_mappings: {},
         query: getQueryBody(
           logger,
           options,
@@ -784,6 +786,7 @@ describe('aggregateEventsWithAuthFilter', () => {
       type: 'saved-object-type',
       aggregateOptions: DEFAULT_OPTIONS as AggregateOptionsType,
       authFilter: fromKueryExpression('test:test'),
+      runtimeMappings: {},
     };
     const result = await clusterClientAdapter.aggregateEventsWithAuthFilter(options);
 
@@ -792,6 +795,7 @@ describe('aggregateEventsWithAuthFilter', () => {
       index: 'index-name',
       body: {
         size: 0,
+        runtime_mappings: {},
         query: getQueryBodyWithAuthFilter(
           logger,
           options,
diff --git a/x-pack/plugins/event_log/server/es/cluster_client_adapter.ts b/x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
index 668120914da1f..4866f6a7ff603 100644
--- a/x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
+++ b/x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
@@ -56,6 +56,7 @@ export interface AggregateEventsWithAuthFilter {
   type: string;
   authFilter: KueryNode;
   aggregateOptions: AggregateOptionsType;
+  runtimeMappings: estypes.MappingRuntimeFields;
 }
 
 export type FindEventsOptionsBySavedObjectFilter = QueryOptionsEventsBySavedObjectFilter & {
@@ -429,7 +430,7 @@ export class ClusterClientAdapter<TDoc extends { body: AliasAny; index: string }
   public async aggregateEventsWithAuthFilter(
     queryOptions: AggregateEventsWithAuthFilter
   ): Promise<AggregateEventsBySavedObjectResult> {
-    const { index, type, aggregateOptions } = queryOptions;
+    const { index, type, aggregateOptions, runtimeMappings } = queryOptions;
     const { aggs } = aggregateOptions;
 
     const esClient = await this.elasticsearchClientPromise;
@@ -442,6 +443,7 @@ export class ClusterClientAdapter<TDoc extends { body: AliasAny; index: string }
 
     const body: estypes.SearchRequest['body'] = {
       size: 0,
+      runtime_mappings: runtimeMappings,
       query,
       aggs,
     };
diff --git a/x-pack/plugins/event_log/server/event_log_client.test.ts b/x-pack/plugins/event_log/server/event_log_client.test.ts
index 5e4fd08819fb3..2eef356c261c3 100644
--- a/x-pack/plugins/event_log/server/event_log_client.test.ts
+++ b/x-pack/plugins/event_log/server/event_log_client.test.ts
@@ -238,6 +238,7 @@ describe('EventLogStart', () => {
           ],
         },
         legacyIds: undefined,
+        runtimeMappings: {},
       });
     });
   });
@@ -270,6 +271,7 @@ describe('EventLogStart', () => {
             },
           ],
         },
+        runtimeMappings: {},
       });
     });
   });
diff --git a/x-pack/plugins/event_log/server/event_log_client.ts b/x-pack/plugins/event_log/server/event_log_client.ts
index 1fe2ab15531f1..23e345a082785 100644
--- a/x-pack/plugins/event_log/server/event_log_client.ts
+++ b/x-pack/plugins/event_log/server/event_log_client.ts
@@ -144,7 +144,8 @@ export class EventLogClient implements IEventLogClient {
   public async aggregateEventsWithAuthFilter(
     type: string,
     authFilter: KueryNode,
-    options?: AggregateOptionsType
+    options?: AggregateOptionsType,
+    runtimeMappings?: estypes.MappingRuntimeFields
   ) {
     if (!authFilter) {
       throw new Error('No authorization filter defined!');
@@ -164,6 +165,7 @@ export class EventLogClient implements IEventLogClient {
       type,
       authFilter,
       aggregateOptions: { ...aggregateOptions, aggs } as AggregateOptionsType,
+      runtimeMappings: runtimeMappings ? runtimeMappings : {},
     });
   }
 
diff --git a/x-pack/plugins/event_log/server/types.ts b/x-pack/plugins/event_log/server/types.ts
index 598b86dadbcd0..8d3ebb3339f1f 100644
--- a/x-pack/plugins/event_log/server/types.ts
+++ b/x-pack/plugins/event_log/server/types.ts
@@ -68,7 +68,8 @@ export interface IEventLogClient {
   aggregateEventsWithAuthFilter(
     type: string,
     authFilter: KueryNode,
-    options?: Partial<AggregateOptionsType>
+    options?: Partial<AggregateOptionsType>,
+    runtimeMappings?: estypes.MappingRuntimeFields
   ): Promise<AggregateEventsBySavedObjectResult>;
 }
 
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/alerting/alerts.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/alerting/alerts.ts
index 8f1b8047e4331..707fab5d57a3d 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/alerting/alerts.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/alerting/alerts.ts
@@ -1237,6 +1237,7 @@ instanceStateValue: true
     expect(eventEnd <= dateNow).to.equal(true);
 
     expect(event?.event?.outcome).to.equal(outcome);
+    expect(event?.kibana?.alerting?.outcome).to.equal(outcome);
 
     expect(event?.kibana?.saved_objects).to.eql([
       {
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts
index 2e63bed197864..fa9b2019c2a71 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts
@@ -665,6 +665,7 @@ export function validateEvent(event: IValidatedEvent, params: ValidateEventLogPa
   }
 
   expect(event?.event?.outcome).to.equal(outcome);
+  expect(event?.kibana?.alerting?.outcome).to.equal(outcome);
 
   for (const savedObject of savedObjects) {
     expect(