Hi there,
I wanted to create an alert which keeps on running every hour and checks the data from starting of the day and till now and if the count is greater than a value, it should generate an alert and no alert for the rest of the day. I have used the following parameters. But it does not seem to be right because if we get an alert at 6pm today we don't get another alert until 6pm the next day. what if the count has exceeded the limit at some time less than 6pm the next day we would not get an alert because of the throttle. If we don't use throttle we get overlapping of the results.
Alert type :Scheduled
Run on Cron Schedule
Earliest: @d
Latest: now
Cron Expression: */60 * * * *
**Trigger Conditions**
Trigger alert when Number of Results is greater than 0
Trigger Once
For each result
Throttle?
Suppress triggering for
1
day(s)
Please recommend a solution . Urgent. Thanks for the help
What you are really asking for is for relative modifiers (e.g. @d+24h
) to be supported for Throttling time values.
yes . exactly . Is that possible ?
how can we set it up for the alert ?
Thanks
File an feature/enhancement request JIRA ticket through your sales rep.
You could set your search so that it runs hourly, finds the time of the FIRST event of the day, and if that event is less than (for example) 65 minutes old, throws the alert.
Then, set the throttle to suppress the alert for 75 minutes (but it will never alert again until the next day.)