Hi there,
I need to create an alert based on the average failure rate in 60 min. Here is my search:
sourcetype="mysourceType" AppID = "myApp" | eval Failed= if( myData> 0, 1, 0) | stats avg(Failed) as FailRate
The alert condition is search FailRate > 0.1
However, the search returns the intermediate results before the search is complete. I want the alert generated only when the search is complete in 60 min. I couldn't figure out how to create a search that only shows the final overall average for FailRate for the alert.
Any help is appreciated.
Thanks