Hello Everyone,
I have created alerts where i have to throttle according the fields.
So my doubt is, whether i need to put the Renamed filed / the actual fields in throttling parameters
e.g. index=main source=service | table host,service,Status| where Status="stopped"|RENAME host as "Server_Name"|RENAME service as "Service_Name"
Throttling fields: host, service OR should be Server_Name, Service_Name
Alerts are per result basis. Please suggest on the scenario.
