Trying to set up an alert for certificate expiry. First alert will say, certificate will expire in 90 days. How to set up next alert when the expiry days = 60 days within the same alert?
ns=application_logs "Cert DN = CN=E3.certificate"
| table Number, DN, Date
| dedup Number, DN, Date
| eval dateDue=strptime('Date', "%a %b %d %H:%M:%S %Z %Y")
| eval days = round((dateDue-now())/86400)
| table Number, DN, Date, dateDue, days
| search days = 90
Here I have set up an alert when the condition satisfies expiry days = 90. I need to set up another alert when expiry days = 60.
First alert will be on when days = 90, next should be on days = 60
@ashanka add both conditions in the same search filter with OR condition so that records are returned in either case for 90 days and 60 days.
<yourCurrentSearch>
| search days=90 OR days=60
Yes, it worked :) Thanks
Dear @ashanka,
Try the below option.
| search days = 90 OR days = 60
Thanks ..
Thanks shankar, it worked
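Added example, not part of the thread and not Splunk code: a Python model of the search's `days` arithmetic, showing what the `days=90 OR days=60` filter returns when the alert runs once a day and one scheduled run does not execute, next to a threshold-crossing check. The sample date, the schedule, half-up rounding and the `crossing_alerts` function are assumptions made for illustration.

```python
import math
from datetime import date, datetime, timedelta, timezone

DATE_FMT = "%a %b %d %H:%M:%S %Z %Y"  # format string from the search's strptime()
THRESHOLDS = (90, 60)                 # day counts the thread alerts on

def days_left(date_field, now):
    """Model of round((strptime(Date, fmt) - now()) / 86400), rounding half up."""
    # Assumption: the Date value is in UTC, as in the constructed sample below.
    due = datetime.strptime(date_field, DATE_FMT).replace(tzinfo=timezone.utc)
    return math.floor((due - now).total_seconds() / 86400 + 0.5)

def exact_match_alerts(date_field, run_times):
    """Runs at which `search days=90 OR days=60` returns the certificate."""
    return [(t, d) for t in run_times
            if (d := days_left(date_field, t)) in THRESHOLDS]

def crossing_alerts(date_field, run_times):
    """Hypothetical variant: fire once when a threshold is first reached or passed."""
    fired, alerts = set(), []
    for t in run_times:
        d = days_left(date_field, t)
        reached = [th for th in THRESHOLDS if d <= th and th not in fired]
        if reached:
            fired.update(reached)
            alerts.append((t, min(reached), d))
    return alerts

# Constructed sample: one certificate and a once-a-day 06:00 UTC schedule in
# which the run on 2025-11-01 (the day days == 60) did not execute.
SAMPLE_DATE = "Wed Dec 31 12:00:00 UTC 2025"
START = datetime(2025, 9, 30, 6, 0, tzinfo=timezone.utc)
RUNS = [t for t in (START + timedelta(days=i) for i in range(40))
        if t.date() != date(2025, 11, 1)]

if __name__ == "__main__":
    for t, d in exact_match_alerts(SAMPLE_DATE, RUNS):
        print("exact   ", t.date(), "days =", d)
    for t, th, d in crossing_alerts(SAMPLE_DATE, RUNS):
        print("crossing", t.date(), "threshold", th, "days =", d)
```

With an exact-match filter the 60-day notice depends on the search actually running on that one day, so the alert schedule matters as much as the filter.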