Hello, I need your help!!!
I want to make an alert if a search doesn't accomplish a certain result!
Example:
index=mf MFSOURCETYPE=SYSLOG SYSLOGSYSTEMNAME=PLB1 OR PLB2 OR PLB3 OR PLB4 | stats count by SYSLOGSYSTEMNAME
If that search doesn't bring me PLB1, PLB2, PLB3, PLB4, then alert me!
How can I make the search? I think I need to use the eval and if.
In the Save As Alert dialog, in the Trigger Conditions area, set the Trigger alert when value to Number of Results and Is equal to and 0.
Thanks for the help woodcock!
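An added example, not part of the original thread: with the question's search and the trigger condition from the answer, the alert fires only when none of the four systems returns events. The variant below returns one row per system that sent nothing in the search window, so a single silent log source is caught. It assumes a Splunk version that supports the IN operator, and an alert trigger of Number of Results, Is greater than, 0.

```spl
index=mf MFSOURCETYPE=SYSLOG SYSLOGSYSTEMNAME IN (PLB1, PLB2, PLB3, PLB4)
| stats count by SYSLOGSYSTEMNAME
| append
    [| makeresults
     | eval SYSLOGSYSTEMNAME=split("PLB1,PLB2,PLB3,PLB4", ",")
     | mvexpand SYSLOGSYSTEMNAME
     | eval count=0
     | fields SYSLOGSYSTEMNAME count]
| stats sum(count) as count by SYSLOGSYSTEMNAME
| where count=0
```

The appended subsearch seeds every expected system with a count of 0, so any system that survives the final `where` had no events of its own.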