I am having trouble with getting an email triggered for the following condition.
"Number of Results is = 0"
The search query is as follows.
index="xxxxx" sourcetype="syslog" earliest=-1d latest=now | stats count
The result of the search is:
count = 0
It is able to send other alerts.
You have to set Trigger alert when = Custom and the condition box below this to be count = 0. The other setting counts the number of rows returned, which in your case will always be 1 (not 0 the way that you were thinking).
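The two trigger settings discussed in the answer, side by side as `savedsearches.conf` stanzas. This is an added illustration, not part of the original thread; the stanza names, schedule and recipient are constructed placeholders, and the custom condition is written as a search string (`search count = 0`), which is the form that setting expects.

```ini
# savedsearches.conf (added example; names, schedule, recipient are placeholders)

# Never fires: "| stats count" always returns exactly one row (count=0),
# so the number of results is 1 and "equal to 0" is never true.
[syslog silent - number of results]
search = index="xxxxx" sourcetype="syslog" | stats count
dispatch.earliest_time = -1d
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 6 * * *
counttype = number of events
relation = equal to
quantity = 0
action.email = 1
action.email.to = soc@example.com

# Fires when no syslog events arrived: the custom condition is a second
# search evaluated over that single row, and the alert triggers when the
# condition returns at least one result (here, the row where count is 0).
[syslog silent - custom condition]
search = index="xxxxx" sourcetype="syslog" | stats count
dispatch.earliest_time = -1d
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 6 * * *
counttype = custom
alert_condition = search count = 0
action.email = 1
action.email.to = soc@example.com
```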
While reading the post, all looks fine.