I would like to make an alert that is triggered when the sum of some values is greater than 25% of the sum of another set of values. Basically, I would like to alert the user when the quantity of scrap produced is greater than 25% of however much quantity is produced. Right now I have the following in a search:
index=wipscrap OR index=componentscrap
| stats sum(Scrap) AS totalscrap sum("Qty Good") AS totalqty
| eval scrapallowed=totalqty*.25
This gives me a table with three columns and the sum of the values for each column. Do I need more information in my search for this alert to work? What would my custom trigger be to make this work?