Basically, I am trying to raise an alert when a device goes down, but I want to raise the alert after 20 mins. For example:
{"hostName": "WIN_27806", "status": false, "lastChangedTime": "Jun 25, 2020 @ 16:58:38.000"}
Can the query be like this in Kibana?
status : false and now > "lastChangedTime+20m"
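An added example, not part of the original post: Elasticsearch date math applies to `now` (or a literal date), not to a document field, so the condition asked about can be rearranged to `lastChangedTime < now-20m`. The Python sketch below builds that filter as query DSL and applies the same predicate to constructed sample documents; the function names and the two extra hosts are assumptions.

```python
from datetime import datetime, timedelta

# Assumption: field names follow the sample document in the post.
GRACE = timedelta(minutes=20)
# Kibana's display format, e.g. "Jun 25, 2020 @ 16:58:38.000"
KIBANA_FMT = "%b %d, %Y @ %H:%M:%S.%f"


def build_query(grace_minutes=20):
    """Query DSL body: device is down AND its last change is older than N minutes.

    "now > lastChangedTime + 20m" is rearranged to "lastChangedTime < now-20m"
    because date math is applied to `now`, not to a document field.
    """
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"status": False}},
                    {"range": {"lastChangedTime": {"lt": f"now-{grace_minutes}m"}}},
                ]
            }
        }
    }


def hosts_to_alert(docs, now):
    """Apply the same predicate locally to check the logic on sample data.

    Timestamps are treated as naive datetimes in one common timezone.
    """
    cutoff = now - GRACE
    alerts = []
    for doc in docs:
        changed = datetime.strptime(doc["lastChangedTime"], KIBANA_FMT)
        if doc["status"] is False and changed < cutoff:
            alerts.append(doc["hostName"])
    return alerts


# Constructed sample documents (only WIN_27806 comes from the post).
SAMPLE_DOCS = [
    {"hostName": "WIN_27806", "status": False, "lastChangedTime": "Jun 25, 2020 @ 16:58:38.000"},
    {"hostName": "WIN_00001", "status": False, "lastChangedTime": "Jun 25, 2020 @ 17:10:00.000"},
    {"hostName": "WIN_00002", "status": True, "lastChangedTime": "Jun 25, 2020 @ 16:00:00.000"},
]

if __name__ == "__main__":
    print(hosts_to_alert(SAMPLE_DOCS, datetime(2020, 6, 25, 17, 20, 0)))
    print(build_query())
```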