topic Re: Alert Setup - Based on percentages in Alerting

Alert Setup - Based on percentages

kragav — Fri, 16 Sep 2011 11:23:11 GMT

Hi 'am trying to setup an alert to trigger based on percentage. But couldn't find the options for the same. Please could you assist me.

For eg:

An alert should trigger if the failure event >=5% of the total events.

Total events = 100
Failure events = 6
Success events = 94

In above case, an alert should be triggered since the failure event is >=5%.

Re: Alert Setup - Based on percentages

Drainy — Fri, 16 Sep 2011 11:58:01 GMT

 | eval percentage=((failureevents/successevents)*100) | where percentage>=5

If you could paste some example data it would be easier to give a more accurate answer 🙂
The above is roughly what you want to be doing to produce a percentage that you could perform an alert on

Re: Alert Setup - Based on percentages

borisalves — Fri, 23 Sep 2011 23:58:55 GMT

Here is my illustration

I create 2 tags

Bad_End totalParts=0, totalParts=1

Good_End totalParts=2, totalParts=3, totalParts=4

Executing this search on my filtered target

| top tag::totalParts

Returns:

tag::totalParts count percent

1 Bad_End 34 1.816239

2 Good_End 1838 98.183761

I would like to Alert based on Good_End being smaller than 97%

I saved the search and would like assistance with the Custom Conditional search expression that would trigger and Alert.