My Kibana version is 7.9.3.
Every 60 seconds I'm sending data to Elasticsearch.
I can see those logs in the observability log section and the series of logs that should trigger the alert, but when I create the alert it doesn't fire.
Here is the alert:
check every: 20 sec
WHEN more than 1 log entry OCCURS
WITH message.Done_ MORE THAN 2
AND message.Name IS QUEUE.APP
FOR THE LAST 5 minutes
GROUP BY Nothing
It's quite odd that the alert doesn't fire, as, if I copy the name and look for it in the observability log section, I can find values of the message.Name updated and the message.Done_ value is 45147, so it should fire, but the alert is always inactive.
I tried to run the conditions separately, creating 2 different alerts, and individually they were firing.
Has anyone had something similar? I really don't know what else to try.
Thank you in advance for any help.