I have a query that displays avg duration. How to i modify query to alert if avg ( duration) is greater than 1000 last 15 mins.
index=tra cf_space_name="pr" "cf_app_name":"Sch" "msg"."Logging Duration" AND NOT "DistributedLockProcessor" |rename msg.DurationMs as TimeT |table _time TimeT msg.Service
| bucket _time span=1m
| stats
avg(TimeT) as "Avg"
by msg.Service
