Hi,
I have a periodic search looking for a specific pattern in the logs and assign status to the result:
...|eval status=if(count=0,"not found","found")
Is there a way to raise an alert only in the case that the latest search's status value differs from the status returned by the previous one?
I mean, without having two alerts set with different triggers, but based on the same search (which will need to be run twice in this case).
... View more