Hi,
I need an alert to be created, which should trigger only if we receive continuous failures for 5 times within a span of 10 mins.
1) Trigger alert
failure
failure
failure
failure
failure
2) do not trigger alert
failure
failure
failure
failure
success
failure
failure
failure
failure
success
You could do something around:
| autoregress status p=1-4
| where status = "failure" and status_p1 = "failure" and status_p2 = "failure" and status_p3 = "failure" and status_p4 = "failure"
You could do something around:
| autoregress status p=1-4
| where status = "failure" and status_p1 = "failure" and status_p2 = "failure" and status_p3 = "failure" and status_p4 = "failure"