Hello,
I would like to set up a scheduled alert that triggers when a field value is matching for 2 hours.
To give a further explanation, when our job runs long or stops running, one of the fields remains the same. This is okay as sometimes the jobs do run long and still complete, but if it runs over two hours it is something that needs to be looked into. Please find my attached search results. I would like to alert when the "ConfigVal" field displays the same timestamp for 2+ hours.
Does anyone know what my search criteria would be for this?
![alt text][1]
[1]: /storage/temp/162196-2016-09-29-11-05-16-search-splunk-625.png
↧