Hi,
I am using the following search to monitor the number of threads on a server:
index=perfmon host=CCEVPSYCA01 sourcetype="Perfmon:System" counter=Threads | eval Date=strftime(_time, "%Y-%m-%d %H:%M") | rename Value AS Threads | table Date, Threads | SORT BY Date
and I want to set up an alert to be triggered when conditions are met (custom alert): Threads > 1600. But Splunk does not allow me to specify this condition in the alert "threads > 1600".
Could you please help me resolve this? Thanks,