How do I join these two events where both are true for a one minute time range?
index=BOB "No response from remote server RegistryClient "
Returns two events on host server A:
1 A - 14:59:55
2 A - 16:00:15
index=BOB "getTestRegistry remote call to ping registry failed!"
Returns multiple events on one or more of these host servers L, M, N, & O as follows:
1 LM - 5:00:25
2 LMO - 13:10:15
3 NO - 13:50:11
4 L - 14:20:19
5 M - 15:01:05
6 MN - 16:11:00
The goal is to trigger an alert on (1 A - 14:59:55) and (5 M - 15:01:05) as they happened within one minute of each other. All other events do not matter.
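The correlation asked about above, sketched outside Splunk as an added example (not part of the original post and not a Splunk search): it pairs events from the two result sets whose timestamps fall within a configurable window of each other, in either order. The event lists are constructed from the timestamps in the question; the date, the function name `correlate` and the window values are assumptions.

```python
from bisect import bisect_left, bisect_right
from datetime import datetime, timedelta

# Constructed sample: the timestamps listed in the question, assumed to fall on one day.
DAY = "2024-01-01 "  # placeholder date (assumption; the question gives times only)

def ts(hms):
    return datetime.strptime(DAY + hms, "%Y-%m-%d %H:%M:%S")

# "No response from remote server RegistryClient" events (host, time)
NO_RESPONSE = [("A", ts("14:59:55")), ("A", ts("16:00:15"))]
# "getTestRegistry remote call to ping registry failed!" events (hosts, time)
PING_FAILED = [
    ("LM", ts("5:00:25")), ("LMO", ts("13:10:15")), ("NO", ts("13:50:11")),
    ("L", ts("14:20:19")), ("M", ts("15:01:05")), ("MN", ts("16:11:00")),
]

def correlate(first, second, window):
    """Return (first_event, second_event, gap_seconds) for every pair whose
    timestamps differ by at most `window`, regardless of which came first."""
    second = sorted(second, key=lambda e: e[1])
    times = [t for _, t in second]
    pairs = []
    for host, t in sorted(first, key=lambda e: e[1]):
        # Binary search for the slice of `second` inside [t - window, t + window].
        lo = bisect_left(times, t - window)
        hi = bisect_right(times, t + window)
        for other in second[lo:hi]:
            gap = (other[1] - t).total_seconds()  # positive: second event came later
            pairs.append(((host, t), other, gap))
    return pairs

if __name__ == "__main__":
    # Window is a parameter: the sample pair A 14:59:55 / M 15:01:05 is 70 s apart.
    for w in (60, 90):
        hits = correlate(NO_RESPONSE, PING_FAILED, timedelta(seconds=w))
        print(f"window={w}s -> {len(hits)} correlated pair(s)")
        for (h1, t1), (h2, t2), gap in hits:
            print(f"  {h1} {t1:%H:%M:%S}  <->  {h2} {t2:%H:%M:%S}  ({gap:+.0f}s)")
```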