Hi, Thanks for you reply. using following query i am able to get all the failed jobs. index=emr | search applicationType=SPARK finalStatus=FAILED In our environment more than 300 jobs are running per day.(batch jobs & streaming jobs). #1:-I want to setup an alert, if fail jobs count reach to 5% then it trigger the alert. #2:-Numbers of job can be fluctuate. some day total count would be more than 300 or less than 300. So percent (5%) should be on actual count. like total count of the day is 280. then what would be the parameter. Please give me the query what should i need to run. Thanks in Advanced ... View more

Hi, Thanks for you reply. using following query i am able to get all the failed jobs. index=emr | search applicationType=SPARK finalStatus=FAILED In our environment more than 300 jobs are running per day.(batch jobs & streaming jobs). #1:-I want to setup an alert, if fail jobs count reach to 5% then it trigger the alert. #2:-Numbers of job can be fluctuate. some day total count would be more than 300 or less than 300. So percent (5%) should be on actual count. like total count of the day is 280. then what would be the parameter. Please give me the query what should i need to run. Thanks in Advanced.     ... View more