i have an alert that send email to my id when the event is triggered.
I also want the same alert to dump the data into my summary index.
I added | collect index=sumindex
at the end of my alert.
Alert still works and fires email, but is not writing anything to the summary index.
Can anyone help me where I am wrong or has a better way.
↧