Hi All,
We have index=gems; in the index we have configured gems servers and wms servers and also created one alert. The alert name is CBSIT Alert GEMS NFS stale. So, we want to create an alert for wms servers with the same alert.
So, for us, a single alert should contain the gems alert name when a gems server alert triggers and the WMS alert name when a WMS server alert triggers.
The index=gems has 7 gems servers and 7 wms servers.
Ex: Gems server name sclpisgpgemspapp001
WMS server name silpdb5300.ssdc.albert.com
We are using the below SQL query for CBSIT Alert GEMS NFS stale:
Alert name: CBSIT Alert GEMS NFS stale
index = "gems" source = "/tmp/unresponsive" sourcetype=cmi:gems_unresponsive
| table host _raw
| eval timestamp=strftime(now(),"%Y-%m-%d %H:%M:%S")
| eval correlation_id=timestamp.":".host
| eval assignment_group = "CBS IT - Application Hosting - Unix",impact=3, category="Application",subcategory="Repair/Fix" , contact_type="Event", customer="no573", state=4, urgency=3 , ci=host
| eval description = _raw , short_description = "NFS stale on ".host
Can you please help us here.