Hi @koushik,
let me understand: why do you want two alerts if you have to check that you haven't logs in a period?
you could have two alerts if you have a different threeshold in the two periods, but you have to check only if there are logs, so I think that you don't need two alerts.
Anyway, if you want two alerts, you have to follow two times this procedure:
- create the search using the timeframe you want in the alert (e.g. 30 minutes),
- Save as - Alert
- add the following infos:
- Title - mnemonic name of your alert,
- Description (optional) - a description of your alert to remember it,
- Permission: shared in App - kind of permission of your alert,
- Alert Type: Scheduled - don't use real time because it't too expensive in terms of resources
- Run on cron schedule - scheduling the alert execution
- Time range - 30 minutes
- Cron expression: */30 * * * * - it means run every 30 minuts
- Expires 24 hours - time that the search results are available
- trigger aler when Number of results - trigger condition
- is equal to 0 - trigger if no results
- trigger once - only one alert
- Trigger actions: Add alert - add the actions to associate to you alert (email, script, etc...), add always the "Add to triggered alerts" action
- Save
If you want two alerts, the only difference between them is the cron expression and/or eventually the message in the eMail:
- */30 1-6 * * *
- */30 7-24 * * *
Ciao.
Giuseppe
