Hello guys,
I want to make an alert if the number of hosts is lower than 5 in a sourcetype search.
To be more specific, I have 5 hosts that send logs into `sourcetype=test`. If one of the hosts stops publishing logs into this sourcetype for the last 30 minutes, I would like to get an alert for it.
I'll be glad if you can help me.