I am new to SumoLogic and am trying to set up an alert to send an email to the support group if the message has the 'zero rows' text. I would like to notify on the first instance and give the support team time to fix the issue.
I have a monitor which logs an error message to SumoLogic every 15 minutes until it is resolved. I would like to set up a real-time alert from SumoLogic to send an email to the support group. If the message is the same as the previous instance, then it should not send a duplicate email.
I have tried the following criteria, but it fails to send an alert for a few instances.
"searchQuery":"_sourceCategory=perfeval/monitor | logcompare timeshift -90m | where _deltaPercentage > 0"
I have also tried to set up the 'Real Time' option, but it sends an email every 15 minutes with the same message.
I appreciate your thoughts and help.