Creating advanced alerts

I need to create an alert that triggers when an approval rate is less than 85% over the last 10 minutes. The logs I get tell me if an event has been approved or declined. How do I add all the approvals and declines over the last 10 minutes, then create a proportion out of it in an alert?

You first need to construct an ES query that will give you the ratio you desire, then use that ES query as the basis for your Watch for alerting.

The ES query to calculate the ratio will use a bucket script aggregation.
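An added example, not part of the original replies: a Watch body (sent with `PUT _watcher/watch/<watch_id>`) that computes the approval rate with a `bucket_script` inside a single-bucket `filters` aggregation and fires below 85%. The index pattern `payments-*`, the fields `@timestamp` and `status`, the values `approved`/`declined`, the 1-minute schedule and the logging action are all assumptions to adapt.

```json
{
  "metadata": { "note": "Added example; index, field names, values and schedule are assumptions" },
  "trigger": { "schedule": { "interval": "1m" } },
  "input": { "search": { "request": {
    "indices": ["payments-*"],
    "body": {
      "size": 0,
      "query": { "range": { "@timestamp": { "gte": "now-10m" } } },
      "aggs": {
        "window": {
          "filters": { "filters": { "last_10m": { "match_all": {} } } },
          "aggs": {
            "approved": { "filter": { "term": { "status": "approved" } } },
            "declined": { "filter": { "term": { "status": "declined" } } },
            "approval_rate": {
              "bucket_script": {
                "buckets_path": { "approved": "approved>_count", "declined": "declined>_count" },
                "script": "params.approved + params.declined > 0 ? 100.0 * params.approved / (params.approved + params.declined) : 100.0"
              }
            }
          }
        }
      }
    }
  } } },
  "condition": {
    "script": {
      "source": "def b = ctx.payload.aggregations.window.buckets.last_10m; return b.doc_count > 0 && b.approval_rate != null && b.approval_rate.value < params.threshold",
      "params": { "threshold": 85 }
    }
  },
  "actions": {
    "log_low_approval_rate": {
      "logging": { "text": "Approval rate over the last 10 minutes: {{ctx.payload.aggregations.window.buckets.last_10m.approval_rate.value}}%" }
    }
  }
}
```

The `filters` wrapper is there because `bucket_script` must sit inside a multi-bucket aggregation, and the `doc_count > 0` check keeps the watch quiet when no events arrived in the window.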
