Hello Team ,
i need to set up alert when to condition meets i should get alert.
1st condition (string) - BEA-000337
2nd condition Started time is greater than 6000 ms
could you please help
If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
here is sample event :
########################################################################
<Error> <WebLogicServer> <BEA-000337> <[STUCK] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "633" seconds working on the request Version: 0, Scheduled=false, Started=true, Started time: 11600000 ms
##########################################################################
when we get stuck thread . . BEA-000337 error code will always be there but tricky part i just need to get alert only when Started time: greater than 1000000 ms
You didn't include the fields that are extracted from this event so we may be doing this the hard way.
index=foo "BEA-000337"
| rex "Started time: (?<startedTime>\d+)"
| where startedTime > 1000000
Save this search as an alert and have the alert trigger when the number of results is not zero.
If your problem is resolved, then please click the "Accept as Solution" button to help future readers.