topic Re: How do I make an alert that triggers when the count is greater than 5, but doesn't when it's less than one? in Alerting

How do I make an alert that triggers when the count is greater than 5, but doesn't when it's less than one?

paulalbert — Mon, 17 Sep 2018 20:21:39 GMT

Alert should be triggered when count is greater than 5 but also include records that don't trigger that alert

I want my alert to return 6 fields, but only in cases where six or more of them are where isToday = 1. This alert should also include cases where isToday = 0.

How can I do this?

Thanks!

Re: How do I make an alert that triggers when the count is greater than 5, but doesn't when it's less than one?

harsmarvania57 — Tue, 18 Sep 2018 10:56:36 GMT

Hi @paulalbert,

You can try below query

<yourquery>
| stats count(eval(if(diff1 < 3600*24*1, 1, null()))) as isToday by CWID, employeeStartDate, sn, givenName, employeeID, loginStatus
| eventstats sum(eval(if(isToday="1",1,0))) AS cn_isToday
| table CWID, empStartDate, sn, givenName, empID, loginStatus, isToday, cn_isToday

and then schedule alert with Alert Condition -> Trigger alert when -> Custom -> search cn_isToday >= 6

Re: How do I make an alert that triggers when the count is greater than 5, but doesn't when it's less than one?

paulalbert — Tue, 18 Sep 2018 14:44:36 GMT

Thank you so much!!