I am having trouble getting an email triggered for the following condition.
"Number of Results is = 0"
The search query is as follows:
index="xxxxx" sourcetype="syslog" earliest=-1d latest=now | stats count
The result of the search is:
count = 0
It is able to send other alerts.