I'm using (where) to alert me if a field exceeds 80% but what I also need is to prevent it from
alerting if that field exceeds 100%. Here is what I have now:
How can this be adjusted to be greater than 80, but less than 100?
Thanks,
As you can see in the documentation for where
, that is just a simple AND
;
<your_search> | where bandwidth > 80 AND bandwidth < 100
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Where
/K
As you can see in the documentation for where
, that is just a simple AND
;
<your_search> | where bandwidth > 80 AND bandwidth < 100
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Where
/K
Great. Thanks. Guess I missed that one. 🙂