Hi all,
I'm trying to find which programs from a given list haven't raised an event in the eventlog in the last timeperiod to create an alert based on it.
For an individual alert I have
index=eventlogs SourceName="my program" | stats count as COUNT_HEARTBEAT | where COUNT_HEARTBEAT=0
which works.
How can I supply a list of programs and list which of them have a COUNT_HEARTBEAT of 0 so that I can make a generic alert?
Thanks,
Kind regards,
Ian
See this blog entry for a good write-up on how to do that.
https://www.duanewaddle.com/proving-a-negative/
See this blog entry for a good write-up on how to do that.
https://www.duanewaddle.com/proving-a-negative/
Thank you, that is the perfect answer.
You could store them in a csv file and append that to your events then count by program name.