miguelangelclem
Explorer
04-16-2020
03:12 AM
Hi all,
I have created an alert with this simple query:
index=foo host="bar" action=fail | stats count by user | search count>40
It is scheduled every hour and the trigger setting is Number of Results greater than 0.
I have tried adding table and fields commands but it still doesn't work.
Why could this happen?
1 Solution

harishalipaka
Motivator
04-16-2020
11:50 PM
hi @miguelangelclemente
have a look into this
Thanks
Harish

memarshall63
Communicator
04-16-2020
07:00 PM
What is your search time frame?
A user would have to fail 40 times within your search time frame to qualify as an alert.
Is that what you're expecting?
miguelangelclem
Explorer
04-17-2020
12:23 AM
Yes, I am expecting that.
I have found the problem, and it was the email configuration, as @harishalipaka told me. The alerts didn't appear because I had not set the action, and the email wasn't sending because of a misconfiguration in the server.
Thanks!
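
The resolution above, written out as configuration. This is an added example, not part of the original thread: the stanza name, recipient address and mail server are placeholders, and the one-hour window is an assumption based on the hourly schedule.

```ini
# savedsearches.conf -- stanza name is a hypothetical placeholder
[Failed logins over threshold]
search = index=foo host="bar" action=fail | stats count by user | search count>40
enableSched = 1
# Run at the top of every hour over the previous hour (assumed window).
# A user must reach more than 40 failures inside this window to produce a row.
cron_schedule = 0 * * * *
dispatch.earliest_time = -1h
dispatch.latest_time = now

# Trigger condition: "Number of Results greater than 0"
counttype = number of events
relation = greater than
quantity = 0

# Without at least one action the search runs on schedule but nothing is
# recorded or sent, which matches the symptom described in the thread.
# alert.track lists each firing under Triggered Alerts.
alert.track = 1
# action.email sends the notification; the address is a placeholder.
action.email = 1
action.email.to = soc@example.com
action.email.subject = Splunk Alert: $name$

# alert_actions.conf -- the email action depends on a reachable SMTP relay.
# Placeholder host and port.
[email]
mailserver = smtp.example.com:25

# To confirm the schedule ran and whether any action fired, the scheduler
# log can be searched with:
#   index=_internal sourcetype=scheduler savedsearch_name="Failed logins over threshold"
#   | table _time status result_count alert_actions
```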
