Hello,
We have an alert that tells us when a service stopped. However, the services will sometimes restart. How can we have an alert that will also check if the service remains down?
Is it possible?
Thanks,
Luis Embalo
Maybe something like this might work:
index=* "success" earliest=[search index=* "failed" | timechart latest(failed) as earliest | fields earliest] | stats count
If the count is 0, it's probably because the service hasn't restarted.
That searches for a service that is down. What I am looking for is a way that sees the service going down, and then keeps watching to see if it came up. If it came up, then nothing happens. If it did not come up, then it alerts.
Is that possible?
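The "went down and stayed down" logic asked about above, as an added example that is not part of the original thread and is written in Python rather than as a Splunk search. The event tuples, host and service names, the `services_still_down` function and the five-minute grace period are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (time, host, service, state). Not real log data.
EVENTS = [
    ("2024-01-01T10:00:00", "web01", "nginx", "stopped"),
    ("2024-01-01T10:01:30", "web01", "nginx", "running"),    # restarted quickly
    ("2024-01-01T10:02:00", "db01", "postgres", "stopped"),  # never came back
    ("2024-01-01T10:06:00", "db01", "postgres", "stopped"),  # repeated stop event
    ("2024-01-01T10:09:00", "app01", "worker", "stopped"),   # stopped very recently
]


def services_still_down(events, now, grace=timedelta(minutes=5)):
    """Return sorted (host, service, down_since) for every service that
    stopped, has not reported 'running' since, and has been down >= grace."""
    down_since = {}
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ts, host, service, state in sorted(events):
        key = (host, service)
        if state == "stopped":
            # Keep the first stop time; a repeated stop must not reset the clock.
            down_since.setdefault(key, datetime.fromisoformat(ts))
        else:
            # Any later 'running' event clears the pending alert.
            down_since.pop(key, None)
    return sorted(
        (host, service, since)
        for (host, service), since in down_since.items()
        if now - since >= grace
    )


if __name__ == "__main__":
    check_time = datetime(2024, 1, 1, 10, 10)
    for host, service, since in services_still_down(EVENTS, check_time):
        print(f"ALERT {host}/{service} down since {since.isoformat()}")
```

Run on a schedule, this alerts only for services whose outage has outlasted the grace period, so a stop followed by a quick restart produces nothing.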