Hi
I have a stream of events coming continuously, but with lag from the source which varies from 5 to 15 mins.
I want to run real-time searches based on these events, so I use `rt-15m`. But after the search, I need to send email alerts based on the search results. The problem is that in the alerting settings, I can't set `rt-15m`, only `rt`.
How can I set up alerts to run in the `earliest=rt-30m latest=rt-15m` time frame?