I am trying to generate alerts. I have the following search query:
index=abc-index host="XYZ123*" collection="AppServer:OrderTracking" counter="Avg. Order Save Time" earliest=-1h
| stats avg(Value) as avgs by host
| where avgs > 5.2
I am trying to generate an alert if avgs is larger than 5.2 over the last 1 hour. A sample event is shown below.
09/01/2017 05:25:19.540 -0700
collection=AppServer:OrderTracking
object=AppServer:OrderTracking
counter="Avg. Order Save Time"
instance=0
Value=8.4719344999999997
I have set the threshold low at this point so that I can test that the alert is generating. When I search with this query, I get at least 3 rows in the Statistics tab, with 3 host names and avgs > 5.2.
I have set up the alert trigger as follows:
Run on Cron Schedule: */5 * * * *
Number of Hosts: is greater than 0 (I have also tried Number of Results)
Trigger: Once For each result
Throttle: Checked
Suppress triggering for 15 seconds
Trigger Actions: Alert as well as email to my email address.
With this setting I expected alert emails every 5 minutes, but I am receiving none (BTW, other alerts with simple searches are sending alerts). I am not sure whether I am missing any basics. Any suggestions will be highly appreciated.