We were hoping to use Anomaly detection to detect when a cron job does not run.
Is anyone able to provide some search parameters to detect this?
_sourceCategory=cron | parse "CMD *" as command
| count_distinct(_raw) by command
I was hoping something like this could be used, but you're not able to use aggregated data for anomaly detections.
Please sign in to leave a comment.