I have this search:
notable | where urgency="critical" | table _time source src dest user urgency | eval computer=coalesce(src,dest)
I want create alert to send email in each once appear new result, means I want send email in each once appear (new event) urgency=critical in incident review
please help me and support;
Tahnks
