I have a Sumo Logic alert that works well during business hours on work days.

It is checking on the number of successful calls during the last hour. If the number is below a threshold an alert is generated. The checks are run on an hourly basis.

My problem is that at night or on the weekend the expected number is much lower than during business hours. Sometimes there are 1-hour intervals without any calls at all, thus no call succeeds and an alert will be raised.

How can I limit my alerts to the business hours as I don't need monitoring for night time or weekends?

2 Answers

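For Sumo Logic alerts, the core logic of each alert must be embedded in the query. In this case, you need to filter for business hours in the query and set the alert to fire only when there are results. So how do you check for business hours? Use some of the time conversion functions, such as formatDate(): https://help.sumologic.com/Search/Search_Query_Language/Search_Operators/formatDate

Example:

    *
    | formatDate(_messagetime,"EE") as DayOfWeek
    | formatDate(_messagetime,"HH") as HourOfDay
    | where (!(DayOfWeek in ("Sat","Sun"))) and ((HourOfDay>=6 and HourOfDay<=17))

answered 2016-09-19T22:11:32.753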
You can also use a scheduled search with a custom cron search frequency and a cron expression that runs only on weekdays.

answered 2018-12-19T19:46:33.697
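
The gating that both answers describe (the Mon-Fri, 06-17 filter from the first, the weekday-only schedule from the second) can be modelled outside Sumo Logic. This is an added example, not part of either answer and not Sumo Logic query code; the function names, the threshold of 10 and the sample call times are constructed assumptions. It shows that gating on the hourly window, rather than only on the events, keeps an empty business-hour window alerting while nights and weekends stay silent.

```python
from datetime import datetime, timedelta

# Business hours as used in the first answer's query: Mon-Fri, hours 06 through 17.
BUSINESS_DAYS = range(0, 5)     # datetime.weekday(): Mon=0 .. Fri=4
BUSINESS_HOURS = range(6, 18)   # 06:00 up to 17:59

def in_business_hours(ts: datetime) -> bool:
    return ts.weekday() in BUSINESS_DAYS and ts.hour in BUSINESS_HOURS

def hourly_alerts(success_times, start, end, threshold):
    """Return the start of every business-hour window whose count of
    successful calls is below threshold. Windows outside business hours
    are skipped rather than counted, so a quiet night never alerts,
    while an empty business-hour window (count 0) still does."""
    counts = {}
    for ts in success_times:
        window = ts.replace(minute=0, second=0, microsecond=0)
        counts[window] = counts.get(window, 0) + 1
    alerts = []
    window = start.replace(minute=0, second=0, microsecond=0)
    while window < end:
        if in_business_hours(window) and counts.get(window, 0) < threshold:
            alerts.append(window)
        window += timedelta(hours=1)
    return alerts

# Constructed sample data: Friday 2016-09-16 to Monday 2016-09-19.
def _calls(day, hour, n):
    return [datetime(2016, 9, day, hour, m) for m in range(n)]

SAMPLE = (
    _calls(16, 16, 12)    # Fri 16:00, healthy
    + _calls(16, 17, 3)   # Fri 17:00, below threshold
    + _calls(17, 10, 1)   # Sat 10:00, weekend, ignored
    + _calls(19, 6, 15)   # Mon 06:00, healthy
    # Mon 07:00 has no successful calls at all
)

def demo():
    return hourly_alerts(SAMPLE, datetime(2016, 9, 16, 16),
                         datetime(2016, 9, 19, 8), threshold=10)

if __name__ == "__main__":
    for w in demo():
        print("ALERT", w.strftime("%a %Y-%m-%d %H:00"))
```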