Hi -
I need to create an alert where, if a process is not running on a Linux server, it sends out an alert.
The query below is giving me correct results for all the processes running on a server:
index="index-name" source=ps host="hostname*" process="*process_name*"
| dedup host process
| join host [search index="index-name" source=ps host="hostname*" process="*process_name*"
| stats latest(host) latest(_time) by host |eval lastSeen='latest(_time)'|fields host lastSeen]
|eval status=if(lastSeen<(_time - 300), "not running","running")
|table host status process
Example output:
Host : hostname Status : running process : process_name
But I need to send an alert if the status is not running.
Could anybody help me with it?
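A search that filters on process="*process_name*" can only return events for hosts where the process was seen; when the process is gone there is no event to join against, so nothing ever gets the "not running" status. The usual way to alert on absence is to start from a list of what is expected and mark the expected pairs that have no recent ps event. The search below is an added example, not part of the original post: it assumes a lookup file expected_processes.csv with host and process columns (a hypothetical name; the process values must match the extracted process field exactly), and keeps the index="index-name" and source=ps from the post.

```spl
| inputlookup expected_processes.csv
| fields host process
| eval lastSeen=0
| append
    [ search index="index-name" source=ps host="hostname*" process="*process_name*" earliest=-15m
      | stats max(_time) AS lastSeen BY host process ]
| stats max(lastSeen) AS lastSeen BY host process
| eval status=if(lastSeen < relative_time(now(), "-5m"), "not running", "running")
| where status="not running"
| eval lastSeen=if(lastSeen=0, "never in window", strftime(lastSeen, "%Y-%m-%d %H:%M:%S"))
| table host process status lastSeen
```

The expected pairs seed the result set with lastSeen=0, the appended subsearch contributes the newest ps timestamp per host and process, and the second stats keeps the larger of the two, so an expected pair with no event in the last 15 minutes stays at 0 and is reported as not running; the 5-minute threshold mirrors the 300 seconds in the original eval. Save it as a scheduled alert running every 5 minutes with the trigger condition "number of results is greater than 0", and it fires only when at least one expected process is missing. This also drops the join, which is subject to subsearch row limits and is not needed here.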