topic email alert condition in Reporting

email alert condition

jvmerilla — Thu, 25 Oct 2018 09:55:37 GMT

Hi,
I have an email alert that will send a table with a field Status.
Now, I need to send this email every hour starting from 8am, until all values of Status is equal to 100%.
If all Status is equals to 100% it should stop sending email.

Is this possible to do in email alert?

Thanks in advance!

Re: email alert condition

renjith_nair — Thu, 25 Oct 2018 10:23:45 GMT

@jvmerilla,
Yes, schedule it for every hour and add a condition to the search or alert where Status<=100 . In this case, when status is 100 , then the alert won't be triggered.

Re: email alert condition

jvmerilla — Thu, 25 Oct 2018 11:32:15 GMT

Hi @renjith.nair,

Would it work if I have for example 10 events.
For example by 8am, only 2 the events have Status=100%, so it will send alert containing all the events, including the Status=100% and Status!=100%.
But when every event has Status=100%, is should stop sending email.

Re: email alert condition

renjith_nair — Thu, 25 Oct 2018 12:32:57 GMT

@jvmerilla,
Yes , we can do it by adding this to your search (remove the previous where Status<100)

"your search to get all the events with Status"|eventstats count(eval(if(Status=100,1,null()))) as count_by_status,count as total|where count_by_status!=total|fields Status

Below is a run anywhere example. Try it by changing the values of Status (100,90,80)

|makeresults|eval Status="100,90,80"|makemv Status delim=","|mvexpand Status
|eventstats count(eval(if(Status=100,1,null()))) as count_by_status,count as total|where count_by_status!=total|fields Status