Hi -
I need to create an alert so that if a process is not running on a Linux server, it sends out an alert:
The query below is giving me correct results for all the processes running on a server:
index="index-name" source=ps host="hostname*" process="*process_name*"
| stats latest(_time) as lastSeen by host process
| eval status=if(lastSeen < now() - 300, "not running", "running")
| table host status process
Example output:
host: hostname
status: running
process: process_name
But I need to send an alert if the status is "not running".
Could anybody help me with it?
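The logic the alert needs, run over constructed sample records, as an added example that is not part of the original post or of any Splunk product code. It mirrors the query's intent (latest sighting of the target process per host, compared against now minus 300 seconds) and also covers the case a search over ps events silently misses: a host that has never reported the process at all produces no rows, so it can only be flagged if the alert starts from a list of hosts that are expected to run it. The host names, process name, timestamps and the EXPECTED_HOSTS list are all assumptions made up for the example.

```python
"""Detection logic behind a "process not running" alert over constructed ps records.

Added example, not from the original post. For each expected host, find the latest
time the target process was seen and flag it as "not running" if it was never seen
or if the latest sighting is older than STALE_AFTER seconds.
"""

STALE_AFTER = 300  # seconds without a sighting before the process counts as not running

# Constructed sample records shaped like Splunk `ps` events (host, process, _time).
# NOW is pinned so the result is deterministic; a real run would use time.time().
NOW = 1_700_000_000
SAMPLE_EVENTS = [
    {"host": "hostname01", "process": "process_name", "_time": NOW - 60},
    {"host": "hostname01", "process": "process_name", "_time": NOW - 120},
    {"host": "hostname02", "process": "process_name", "_time": NOW - 900},  # stale sighting
    {"host": "hostname03", "process": "other_daemon", "_time": NOW - 30},   # wrong process
    # hostname04 reports nothing at all, so it never appears in the events
]
# Hypothetical inventory of hosts that are expected to run the process.
EXPECTED_HOSTS = ["hostname01", "hostname02", "hostname03", "hostname04"]


def latest_seen(events, process):
    """Return {host: latest _time} over events whose process field matches exactly."""
    seen = {}
    for ev in events:
        if ev["process"] != process:
            continue
        seen[ev["host"]] = max(seen.get(ev["host"], 0), ev["_time"])
    return seen


def process_status(events, expected_hosts, process, now=NOW, stale_after=STALE_AFTER):
    """Classify each expected host as "running" or "not running".

    A host is "not running" when the process was never seen (no events at all)
    or when its latest sighting is older than stale_after seconds.
    """
    seen = latest_seen(events, process)
    status = {}
    for host in expected_hosts:
        last = seen.get(host)
        if last is None or last < now - stale_after:
            status[host] = "not running"
        else:
            status[host] = "running"
    return status


def hosts_to_alert(events, expected_hosts, process, **kw):
    """The alert condition: sorted list of hosts whose status is "not running"."""
    statuses = process_status(events, expected_hosts, process, **kw)
    return sorted(host for host, s in statuses.items() if s == "not running")


if __name__ == "__main__":
    for host, s in process_status(SAMPLE_EVENTS, EXPECTED_HOSTS, "process_name").items():
        print(f"{host}: {s}")
    print("alert on:", hosts_to_alert(SAMPLE_EVENTS, EXPECTED_HOSTS, "process_name"))
```

In Splunk terms the same two pieces map onto a scheduled search: the expected-host inventory is a lookup (or a hard-coded list) that the results are matched against so that silent hosts still produce a row, and the alert's trigger condition is "number of results greater than 0" after filtering with `| where status="not running"`. Note that with a 300 second threshold the search has to run at least as often as the ps input reports, otherwise a healthy host can look stale purely because of scheduling.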