I have a saved search, that starts with a dbquery | dbquery , then does some transformations and ends with a collect statement.
When I run this search manually, there are resulting events and all results go to the "Statistics" tab.
I want to monitor, if indeed data was collected by my saved search.
This does not do the trick:
counttype = number of events
quantity = 1
relation = less than
simply because there are no resulting events.
Is there a way to trigger an alert based on the number of rows in the "Statistics" tab?
... View more