Hi, I am trying to set up an alert to trigger based on percentage, but couldn't find the options for the same. Could you please assist me?
For example:
An alert should trigger if the failure event >=5% of the total events.
Total events = 100
Failure events = 6
Success events = 94
In the above case, an alert should be triggered since the failure event is >=5%.
Here is my illustration
I create 2 tags
Bad_End totalParts=0, totalParts=1
Good_End totalParts=2, totalParts=3, totalParts=4
Executing this search on my filtered target
| top tag::totalParts
Returns:
   tag::totalParts  count  percent
1  Bad_End             34   1.816239
2  Good_End          1838  98.183761
I would like to alert based on Good_End being smaller than 97%.
I saved the search and would like assistance with the Custom Conditional search expression that would trigger an Alert.
| eval percentage=((failureevents/(failureevents+successevents))*100) | where percentage>=5
If you could paste some example data it would be easier to give a more accurate answer 🙂
The above is roughly what you want to be doing to produce a percentage that you could perform an alert on
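A fuller version of the search discussed in this thread, added here as an example and not posted by any of the participants. It assumes each event carries a `status` field with the values `failure` or `success` (hypothetical names), and `<your base search>` is a placeholder for your own index and filters; `failureevents` and `successevents` are the field names used in the answer above.

```spl
<your base search>
| stats count(eval(status="failure")) AS failureevents, count(eval(status="success")) AS successevents
| eval totalevents=failureevents+successevents
| eval percentage=round((failureevents/totalevents)*100, 2)
| where percentage>=5
```

Because the final `where` only returns a row when the threshold is met, the saved alert can use the trigger condition "Number of Results is greater than 0". With the numbers from the question (6 failures, 94 successes) the search returns one row with percentage=6.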