Hello,
I am having trouble setting up an alert based on a numeric field. I am trying to send an alert when the field is above a certain threshold; perhaps somebody could give me a hand. Currently I have:
```json
{
  "trigger": {
    "schedule": {
      "interval": "1d"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "logs-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "range": {
                    "seconds": {
                      "gte": "0"
                    }
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1d",
                      "lte": "now"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.hits.0._source.seconds": {
        "gt": 200
      }
    }
  },
  "actions": {
```
but it detects nothing, even though I have events that have the field seconds with values larger than 200.
Any help will be much appreciated.
Regards,
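Added worked example (not part of the original post, and not Elastic's code): the compare condition above looks only at the first hit returned, `hits.hits.0`, and the search returns hits in whatever order Elasticsearch scores them, so whether that first document happens to have `seconds` above 200 is essentially luck. The usual pattern is to put the threshold into the query itself and have the condition compare `ctx.payload.hits.total` against 0. The script below simulates a Watcher-style compare condition over a hand-constructed payload (no cluster is contacted), shows the original condition missing a matching document, and builds the corrected watch body. Assumptions: `seconds` is a numeric field, the index pattern `logs-*` is taken from the post, the `log` action name and its text are illustrative, and the path resolution mimics Watcher's dotted `ctx.` notation rather than being Watcher itself.

```python
"""Simulate a Watcher compare condition to show why
ctx.payload.hits.hits.0._source.seconds > 200 can miss matching documents,
and build the corrected watch (threshold in the query, condition on hits.total).

Added example, not code from the original post. The payload below is
constructed by hand to look like a Watcher search-input response.
"""

import json
import operator
from typing import Any

# Operators supported by Watcher's compare condition.
OPS = {
    "gt": operator.gt, "gte": operator.ge,
    "lt": operator.lt, "lte": operator.le,
    "eq": operator.eq, "not_eq": operator.ne,
}


def resolve(ctx: dict, path: str) -> Any:
    """Walk a dotted path such as 'ctx.payload.hits.hits.0._source.seconds'.
    Numeric segments index into lists; anything missing yields None."""
    cur: Any = {"ctx": ctx}
    for seg in path.split("."):
        if isinstance(cur, list):
            try:
                cur = cur[int(seg)]
            except (ValueError, IndexError):
                return None
        elif isinstance(cur, dict):
            cur = cur.get(seg)
        else:
            return None
    return cur


def compare(ctx: dict, path: str, op: str, value: Any) -> bool:
    """Evaluate one compare clause, e.g. {"ctx.payload.hits.total": {"gt": 0}}."""
    actual = resolve(ctx, path)
    return actual is not None and OPS[op](actual, value)


# Constructed sample: what the unfiltered query (seconds >= 0) might return.
# The first hit is below the threshold even though a later one exceeds it.
SAMPLE_UNFILTERED = {"payload": {"hits": {"total": 3, "hits": [
    {"_source": {"seconds": 5}},
    {"_source": {"seconds": 300}},
    {"_source": {"seconds": 12}},
]}}}


def original_condition(ctx: dict) -> bool:
    """The condition from the post: only the first hit is inspected."""
    return compare(ctx, "ctx.payload.hits.hits.0._source.seconds", "gt", 200)


def apply_filter(ctx: dict, threshold: float) -> dict:
    """Simulate the server applying range seconds > threshold with size 0:
    hits.total is the match count and hits.hits is empty."""
    matched = [h for h in ctx["payload"]["hits"]["hits"]
               if h["_source"]["seconds"] > threshold]
    return {"payload": {"hits": {"total": len(matched), "hits": []}}}


def fixed_condition(ctx: dict) -> bool:
    """Corrected condition: fire when at least one document matched."""
    return compare(ctx, "ctx.payload.hits.total", "gt", 0)


def build_watch(threshold: float, indices=("logs-*",)) -> dict:
    """Corrected watch body: the threshold lives in the query, the condition
    checks the match count. The log action is an illustrative placeholder."""
    return {
        "trigger": {"schedule": {"interval": "1d"}},
        "input": {"search": {"request": {
            "search_type": "query_then_fetch",
            "indices": list(indices),
            "rest_total_hits_as_int": True,
            "body": {
                "size": 0,  # only the count is needed
                "query": {"bool": {"filter": [
                    {"range": {"seconds": {"gt": threshold}}},
                    {"range": {"@timestamp": {"gte": "now-1d", "lte": "now"}}},
                ]}},
            },
        }}},
        "condition": {"compare": {"ctx.payload.hits.total": {"gt": 0}}},
        "actions": {"log": {"logging": {
            "text": "{{ctx.payload.hits.total}} documents exceeded the threshold"
        }}},
    }


if __name__ == "__main__":
    print("original condition fires:", original_condition(SAMPLE_UNFILTERED))
    print("fixed condition fires:", fixed_condition(apply_filter(SAMPLE_UNFILTERED, 200)))
    print(json.dumps(build_watch(200), indent=2))
```

Two details worth noting: with `"size": 0` the `hits.hits` array is empty, so any condition on `hits.hits.0` would resolve to nothing, which is one more reason to compare on `hits.total`; and `rest_total_hits_as_int` is what keeps `hits.total` a plain integer rather than an object, so the `gt` comparison works as written.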