I have created 2 extracted fields. The 1st I have created from a main list which is RFQ_Request,
and the second one is from a list from another search. I saved both extracted fields as RFQ_latest.
I want to subtract RFQ_Request - RFQ_latest and if there is any result, I need to alert on this.
Please help me to make alert for this.
You'll need a search with both fields in it. Then compare the two and trigger an alert if there are more than zero results.
search 1 | fields RFQ_Request | append [ search 2 | fields RFQ_latest] | where RFQ_Request > RFQ_latest
but this is going to fire everytime? is there way i can set previous records which already got Alert, should not come next time.
like if 12345 i got alert.
next time in my log i dont want to see?? can we do some thing like that??
If you limit your search to a certain time range it will only trigger an alert once per event. For example, if the search only looks at the last 5 minutes and runs every 5 minutes, then you'll see a given event only one time.
this one did not work, any issue??
i did same like you?
Received quote request, will send ack |fields RFQID | append [Retrieving latest version of RFQ id |fields RFQID_RFQ_Update] | where RFQID > RFQID_RFQ_Update