I am trying to setup alert based on time chart. my objective is check user login and if no user logged in for 1 hr send me alert. also I don't want to send me alert between 1am-5am because low traffic on my site. this what I have tried but not working.
index=mysite host=webserver* "user-loggedin" |where NOT (date_wday=monday OR date_wday=tuesday OR date_wday=wednesday OR date_wday=thursday OR date_wday=friday OR date_wday=saturday OR date_wday=sunday) AND (date_hour >=2 AND date_hour<=6) | timechart count as count span=1hr
the alert should trigger if the count less than 0.
thanks
↧