cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
pierrem
Engager
Member since: ‎04-12-2022
‎05-11-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎04-12-2022
View All

Re: Alert Trigger Condition - Alert only if second...

by in Alerting
‎05-11-2022 03:34 AM
‎05-11-2022 03:34 AM
Thanks ITWhisperer  It works like a charm, I just removed the lasttime statement as the alert is configured to run in a cron schedule searching last 15min 🙂   Thanks for the quick assistance  ... View more

Alert Trigger Condition - Alert only if second str...

by in Alerting
‎05-09-2022 01:37 AM
‎05-09-2022 01:37 AM
Hi All,  I'm currently trying to configure a alert to trigger when 2 events are NOT present in last 15min.  In short if we have only Event1 but not Event2 then a alert should be triggered, if both events are present in last 15min then no alerts should be triggered.  Use case, the alert is being configured to alert us when a VPN tunnel interface goes down and stays down for more than 15min, generally these VPN connections to terminate briefly but comes back up after a few seconds, hence we would like only alert if Event1 (down) took place in last 15min without Event2 (up) taking place.  Event1 - Search query index=firewall 10.10.10.10 Firewall_Name_XYZ=TEST123 AND "Lost Service" Event2 - Search query  index=firewall 10.10.10.10 Firewall_Name_XYZ=TEST123 AND (inbound "LAN-to-LAN" "created") Search Query to show both events  index=firewall 10.10.10.10 Firewall_Name_XYZ=TEST123 AND ("Lost Service" OR (inbound "LAN-to-LAN" "created")) Any assistance will be greatly appreciated 🙂   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-11-2022 06:55 AM
Karma given to
View All