0

I currently have a query that results in a couple stats being shown, "Statistics (5)"

enter image description here

I use this query to get those Stats:

index=ms-app  environment=prod AND "*"
| eval uri=replace(mvindex(split('request.uri', "?"), 0), "\/\d+[-+\w]+", "/:n"), methodOverride='request.headers.X-HTTP-Method-Override'
| eval methodOverrideStr = if(isnull(methodOverride) OR methodOverride=="null", "", "(" + methodOverride + ")")
| eval request = 'request.method' + methodOverrideStr + " " + uri + " " + 'response.httpStatusCode'
| stats
median(stats.overallResponseTimeInMilliSeconds) as "Median"
| table request, "Median" > 3000 | where Median > 3000

I want to create an alert that will trigger every time one stat appears

Currently have my trigger set up like this: enter image description here

Then i have an action that it will go to a slack channel i created when triggered.

However i do not ever see it being triggered in my slack despite having results in the Statistics section of my query

4

1 回答 1

0

最好在Number of Results is greater than 0.

您的触发警报条件无效。您将使用类似的东西并在搜索表达式的末尾where count > 1包含 a 。stats count不过,这过于复杂。

您似乎还希望每分钟搜索 7 天的数据。根据数量,这可能是一个昂贵的查询。最好查看其他选项,例如摘要索引。

于 2020-05-12T23:28:18.430 回答