Hi,
I have a query which is in timechart:
```
index=PQR sourcetype=abc NOT "\\x00\\x00\\x00\\x00\\x00"|timechart count by ID
```
Results I am getting:

| _time | p1 | p2 | p3 | p4 |
|---|---|---|---|---|
| 2016-05-11 00:00:00 | 0 | 1 | 1 | 0 |
| 2016-05-11 00:10:00 | 1 | 1 | 0 | 2 |
| 2016-05-11 00:20:00 | 2 | 1 | 2 | 3 |
| 2016-05-11 00:30:00 | 1 | 0 | 0 | 0 |

I want to trigger an email alert on `P1` if the `count>1` for every `10 min`. I created an alert with `cron job for every 10 min` and custom condition: `Search P1>0`
Alert mode: I want it when the count of P1 is increasing (I kept once per search).
Requirement: if the P1 count comes in the next 10 min, for example (2016-05-11 00:40:00), as 1, then I need an email to trigger.
Thanks in advance.