Hi,
I have this simple search to find out some errors in the logs:
index=cohl source=msmq earliest=-24h@h latest=now "System.Data.SqlClient.SqlException: Timeout expired*" "Servername*" | xmlkv | dedup Machine | stats count by Machine
As a result of this search, I get a table which has one row listing of all the servers and another row listing the count, this count is the number of occurrences of the keyword.
I need to create an alert to send email if, in 15 minutes, the count on any of the servers is more than 10. Any idea on how to do it??
↧