Need some help to setup an alert. I have created a alert but my issue is that the alert trigger all the time on the same results. My search is like this index="" sourcetype="" Something went wrong when parsing a offer for campaign, result is falsy | dedup campaign.id
I only want once alert per campaign but now i get same alerts on same campaigns.
My setup is:
Cron Expression: */5 * * * *
Throttle: 10 minutes
Someone who can help with this?
Here is my code search
index="" sourcetype="" Something went wrong when parsing a offer for campaign, result is falsy | dedup campaign.id
I can change the time. Anyway it stil gives me same alerts
you have a ime period of 10 minutes and a frequency schedule of 5 minutes,this means that you use the same data two times in your alerts, could you reduce the time period or enlarge the frequency?
What's your trigger condition: could you share your search using Code Sample button (otherwise I cannot read your code)?
Yes that's correct. But the problem here is that I get same results on my search. So when the alert run the search I got the same results and then I receive the same alert after 10 minutes etc. I want alerts when I have new errors on new campaigns. So I want to receive 1 alert per campaign.id error. Now I get spammed of same alert every 10 minutes
you could write the result of the search (the Campaigns) in a lookup (using outputlookup command) or (better) in a summary index (using collect comand) and exclude them from your search.