I want to alert based off a current value and if that value increases over a threshold within a set time.
I want to alert if I have a count of 100 and if it grows to 200 within 30 minutes. The 100 count will grow no matter what, but I want to alert if it grows a lot within a set time so we can look into what is going on or why it is growing. This will be used for licences and sourcetype alerting.
↧