Alerting

how to I set an alert to search every 5 minutes ?

Explorer

Hi,
how do I set an alert to check the status every 5 minutes ?
and another question - how can I set the throttle to be set per host ?

for example - I'd like to get an alert when a host is sending syslog about Spanning Tree root guard.
and I'd like the alert to ignore that specific host for 1 hour.
BUT I do want the alert to alert me in case that another host is sending the same alert.

is that possible ?

Tags (3)
0 Karma

Motivator

The below link should walk you through how to set up an alert. It even uses host as a throttling example.

About alerts

Here's another example: Alert examples

Hope this helps

Explorer

I'm sorry but I don't understand from these links how to set alert to scan the indexer every 1 minute or every 5 minute.
can you please elaborate ?

0 Karma

Motivator

To edit the scheduling of the alert do the following:

  1. Save the search as a report (or alert)
  2. Go to settings > searches, reports and alerts
  3. Click on the name of the report/alert
  4. Check the box "Schedule this search"
  5. The first option should be how frequently you run the report/alert. Schedule type is either basic or cron. If you select basic it will give you options such as "every minute" or "every hour". If you select cron, you will be allowed to enter the exact cron format of how you want the job to run.

Hope this helps

0 Karma