I am trying to set up a saved search with an email alert, with the following Alert Conditions properties:
but I can't seem to find this 'not equal' property anywhere. The only properties I can select from the list are: is greater than, is less than, is equal to, drops by, and rises by.
Any advice is greatly appreciated.
Are you really saying that you want the email sent if there are 24 events, or 26 events, or 1 event, or 2000 events, but if there are exactly 25 events, then you are not told about it? That's unusual.
The custom condition in this case would just be something like | stats count | where count!=25
For a regular saved search, it's called 'alert_threshold', accompanied by a bunch of other variables: 'actions', 'alert_comparator', 'alert_condition', etc. This can all be seen from https://localhost:8089/servicesNS/nobody/myApp/saved/searches. If I simply used a regular condition, say 'is greater than', there is an additional text box to fill in this value (on the dummy-settings-form). Thanks for the reply anyway.
Well where does this value come from?
Yes, this is a saved search with an email alert. But if I choose the default options, such as 'if number of events' 'is greater than', I can also put a threshold value. The key of this problem is that '25' is an unknown value. How would I reference this value from within my custom condition if this is the case?
I think klee means a saved search that alerts via email.?!
If I go with the custom-condition route, how would I access a value similar to the threshold variable from within the condition?