Is it possible to create a log threshold condition that triggers if event.keyword is apConnectionLost OR event.keyword is apConnected? The UI is only allowing the AND operation.
WHEN THE count OF LOG ENTRIES
WITH event.keyword IS apConnectionLost
AND event.keyword IS apConnected <==== Looking for OR
IS more than or equals 1
FOR THE LAST 10 minutes
GROUP BY apName.keyword
You could try an Elasticsearch query alert if the Index threshold alert is too constraining. Here's a link to the docs which primarily focus on the threshold alert, but it all still mostly applies, just substitute the query you want to run for the threshold portions.
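One way to write the OR from the question as the query body of an Elasticsearch query rule (an added example, not part of the original replies). It assumes `event.keyword` is an exact-match keyword field; the count threshold and the 10-minute window are still set in the rule's own fields, not in the query.

```json
{
  "query": {
    "bool": {
      "should": [
        { "term": { "event.keyword": "apConnectionLost" } },
        { "term": { "event.keyword": "apConnected" } }
      ],
      "minimum_should_match": 1
    }
  }
}
```

Because both clauses test the same field, `{ "terms": { "event.keyword": ["apConnectionLost", "apConnected"] } }` matches the same documents; the `bool`/`should` form is the one that extends to OR conditions across different fields.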