Hi, I want to create an alert on traffic drop deviation. Something like: if the traffic drops by 50% compared to what it was in the last hour, or if the traffic drops to zero, then I want the alert triggered.
Creating an alert on 0 traffic is easy, but that could give false positives as well, so I am trying to find a way to alert only if there is a significant deviation.
Is that possible? I have this query at the moment, which looks into the incoming requests. I can run the alert every 15 or 30 minutes and want to trigger it if there is a deviation.
index=myapp_prod "message.logPoint"=INCOMING_REQUEST | timechart span=30m count
@ITWhisperer This was perfect. Everything I needed. Thanks for the help. 🙂
Just one more thing: is there a way to compare that with the same time frame but from last week? For example, 10:00 today (Thursday) with 10:00 Thursday last week?
There is a timewrap command for this sort of thing.
index=myapp_prod "message.logPoint"=INCOMING_REQUEST | timechart span=30m count | streamstats window=1 current=f values(count) as previous | where count / previous < 0.5
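The streamstats query above compares each 30-minute bucket with the one before it. Two edge cases are worth checking before turning it into an alert: when the previous bucket is already 0, `count / previous` is null in SPL, so a sustained outage stops matching after the first zero bucket; and the bucket containing the current time is still filling, so it will almost always look like a drop. The following Python model is an added example, not part of the thread and not SPL; it reproduces the ratio test on constructed bucket counts (100 requests per bucket, with a drop to 40 and then to 0 on the second Thursday), handles the zero-previous case explicitly, excludes the partial bucket, and adds the same-bucket-last-week comparison asked about in the follow-up. Function names, the sample data and the constant `NOW` are all assumptions made for the example.

```python
from datetime import datetime, timedelta

SPAN = timedelta(minutes=30)   # matches timechart span=30m
WEEK = timedelta(days=7)
DROP_RATIO = 0.5               # alert when count / baseline < 0.5
NOW = datetime(2024, 1, 11, 12, 40)  # constructed: time the scheduled alert runs


def constructed_buckets():
    """Constructed sample data: 8 days of 30-minute buckets starting Thu 2024-01-04.
    Baseline is 100 requests per bucket; on the second Thursday traffic drops
    to 40 at 10:00 and to 0 at 12:00 and 12:30, then recovers."""
    start = datetime(2024, 1, 4, 0, 0)
    buckets = []
    for i in range(8 * 48):
        t = start + i * SPAN
        count = 100
        if t == datetime(2024, 1, 11, 10, 0):
            count = 40
        if t in (datetime(2024, 1, 11, 12, 0), datetime(2024, 1, 11, 12, 30)):
            count = 0
        buckets.append((t, count))
    return buckets


def drop_partial_bucket(buckets, now):
    """Exclude the bucket that contains `now`: it is still filling and would
    always look like a drop relative to a complete previous bucket."""
    return [(t, c) for t, c in buckets if t + SPAN <= now]


def find_drops(buckets, ratio=DROP_RATIO):
    """Equivalent of streamstats window=1 ... | where count / previous < ratio,
    plus explicit handling of a zero previous bucket (null division in SPL)."""
    alerts = []
    prev = None
    for t, c in buckets:
        if prev is not None:
            if prev == 0:
                # SPL would drop this row (count/0 is null); keep alerting
                # while traffic stays at zero, stay silent on recovery.
                if c == 0:
                    alerts.append((t, c, prev, "still zero"))
            elif c / prev < ratio:
                alerts.append((t, c, prev, "drop vs previous bucket"))
        prev = c
    return alerts


def find_weekly_drops(buckets, ratio=DROP_RATIO):
    """Compare each bucket with the same bucket exactly one week earlier
    (the comparison timewrap 1w produces in SPL)."""
    by_time = {t: c for t, c in buckets}
    alerts = []
    for t, c in buckets:
        last_week = by_time.get(t - WEEK)
        if last_week is None or last_week == 0:
            continue  # no baseline for the first week, or baseline itself was empty
        if c / last_week < ratio:
            alerts.append((t, c, last_week, "drop vs same bucket last week"))
    return alerts


if __name__ == "__main__":
    complete = drop_partial_bucket(constructed_buckets(), NOW)
    for a in find_drops(complete) + find_weekly_drops(complete):
        print(a)
```

Run as a script it prints the three bucket-over-bucket alerts (10:00 drop to 40, 12:00 drop to 0, 12:30 still zero) and the three week-over-week alerts for the same buckets; the 13:00 recovery bucket produces nothing, and the 12:30 bucket is only evaluated because `NOW` is past its end.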