Hi,
Below is a snippet of a log pattern that generates tons of records. I intend to write an alert if any logs are missing for a given time range.
sourcetype    source      activity
sourcetype1   myLog.log   activity1
sourcetype1   myLog.log   activity2
sourcetype2   myLog.log   activity3
sourcetype2   myLog.log   activity3
sourcetype3   myLog.log   activity1
sourcetype3   myLog.log   activity2
sourcetype3   myLog.log   activity3
Is a search, a lookup, or a simple individual query per sourcetype the best approach for making sure logs are generated for each sourcetype? Looking for the best approach. Thanks.
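One way to answer the question above with a lookup-driven search (an added example, not the poster's own search): a search alone can only report sourcetypes that did log something, so a lookup of expected sourcetypes is joined in with a zero count, and anything that stays at zero is what went silent. The index name `myindex`, the lookup name `expected_sourcetypes.csv` (a single column, `sourcetype`) and the one-hour window are assumptions; the first search builds the lookup once from a known-good period, the second is the one to schedule as the alert.

```spl
| tstats count where index=myindex earliest=-7d by sourcetype
| table sourcetype
| outputlookup expected_sourcetypes.csv

| tstats count where index=myindex earliest=-1h by sourcetype
| append
    [| inputlookup expected_sourcetypes.csv
     | eval count=0]
| stats sum(count) as count by sourcetype
| where count=0
```

Schedule the second search to run every hour and trigger when the number of results is greater than zero; each row returned is a sourcetype with no events in the window. The same pattern works per (sourcetype, activity) pair by adding `activity` to the lookup and to the `by` clauses.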