Hi,
I have a dashboard where a column "status" has text with success or failed. I want to set up an alert for every 15 mins if the value is failed. How can I achieve this in the XML code that I already have with the dashboard?
Hi @ramyaashok,
let me understand your need:
Is this correct?
You could put the values to search in a lookup and use it for the search:
if the value is in your events in one specified and fixed field (called e.g. my_field), run a search like this:
index=my_index [ | inputlookup my_lookup.csv | rename pattern AS my_field | fields my_field ]
if instead you don't have the value in your events in one specified and fixed field, run a search like this:
index=my_index [ | inputlookup my_lookup.csv | rename pattern AS query | fields query ]
Use this search to create your alert to schedule with the frequency you like (e.g. 15 minutes) and fire every time you have results.
If you like, you can also insert a threshold by adding a condition at the end:
| stats count
| where count>threshold
or by managing the threshold in the alert.
Obviously, the first one is better!
Ciao.
Giuseppe
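
The scheduled alert described in the reply above, written as a savedsearches.conf stanza. This is an added example, not part of the original posts. The stanza name, the 15-minute search window, and a my_lookup.csv whose pattern column holds the value failed (renamed to the status field from the question) are assumptions.

```ini
# savedsearches.conf -- constructed example; names below are assumptions.
[Dashboard status failed]
# Same shape as the first search in the reply: the lookup supplies the
# value(s) to match, renamed to the event field (here: status).
# The threshold is applied in the search itself (count > 0).
search = index=my_index [ | inputlookup my_lookup.csv | rename pattern AS status | fields status ] | stats count | where count>0

# Run every 15 minutes over the previous 15 minutes, snapped to the
# minute so consecutive runs neither overlap nor leave gaps.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m

# Fire whenever the search returns at least one result row.
counttype = number of events
relation = greater than
quantity = 0

# List the alert under Triggered Alerts and do not throttle repeats.
alert.track = 1
alert.suppress = 0
```

The alert is a saved search, so it is defined separately from the dashboard's Simple XML; the dashboard panel and the alert can share the same base search.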