Hello everyone,
I have a good search (SPL) to see what the last fired alerts were, but I don't have one to see what was not. Do you know how to do that?
Regards,
Rafael Santos
Hi @rafamss ... let's say you have a simple log file containing the list of usernames (100 usernames = 1 root, 99 non-root users). You created an alert for finding out if the username is equal to root.
The alert will fire for that 1 root user, and all else are the alert-not-fired condition.
So, we cannot find out or list down the alerts that are not fired.
(If alert fired but email notification, no other actions, then that can be troubleshot.)
Hi @inventsekar,
Thank you for your answer. Well, I understand your point, but what I want to do is display the list of alerts that weren't fired, for example:
An alert to send an email every time that a root account logs into a system. This alert needs to run every time, and I want to know if the alert couldn't run.