How would I set an alarm from a _sourceName value that is returning a 21% message and set an alarm when that message is greater= to 85%, send an email?

Follow

PGI WebOps

• July 18, 2016 19:10

07/18/201614:15:12.740 -0400 agenday* message=21% Host: ip-10-xx-xxx-xx Name: Root_Disk Category: disk

0

• 

  Kelly Hamm

  • July 19, 2016 15:26

  Hi, assuming this is the intact multiline message you've posted: | parse "message=*%" as perc | where perc>=85 | count by _sourceName set that up in a scheduled search, choose your timeframes and recipients, and you should be good to go.

  0

  Comment actions Permalink

Please sign in to leave a comment.