I am getting the following error with the new version.
command="sendresults", Error : All results must contain a field named email_to with the intended recipient.
I am not sure what I am missing in the query.
index=mtr source="mine" level=ERROR
| sort - _time
| eval Time = strftime(_time, "%m/%d/%y %I:%M:%S %p")
| eventstats count as TOTAL_COUNT
| eval criticality = case(TOTAL_COUNT > 100, "Critical", TOTAL_COUNT >= 50, "Warning", 1==1, "Info")
| eval email_to=case(
match(criticality,"Critical"), "chandra.kolla@xyz.com",
match(criticality,"Warning"), "abcd@gmail.com",
match(criticality,"Info"), "chandra.kolla@qwerty.com")
| eval email_subj=case(
match(criticality,"Critical"),"Critical Severity Errors",
match(criticality,"Warning"),"High Severity Errors",
match(criticality,"Info"),"Info Severity Errors")
| table Time,level,serviceName,requestId,ipAddress,logger,message,email
| sendresults