payload Search with key value

Follow
Avatar
Arnab Mondal
  • Edited

Hi Team , 

My payloads which is visible in  the log search has some key values at times . I want to put a query only when I get tat specific key value (

200 OK  YMKT UAT

so that I can get that as count .   is it possible? If yes how ? 

 

Also it si possible that when I get a specific value the I get an alarm in my dash board ? 

Also Is it possible to trigger an email in case of a specific payload ?

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Rick Jury

    add this to your search:

    "200 OK YMKT UAT"

     

    to count total add:

    | count

     

    to count over time add:

    | count by _timeslice

     

    once you the aggregate count in your query you will find an add to dashboard button will appear so you an add it as a panel.

    To schedule an alert to say email or webhook to slack you can follow the instructions here in detail: https://help.sumologic.com/Visualizations-and-Alerts/Alerts

     

    In your case I'd suggest you add a line like this say if you want to alert only when it's > 100

    | where _count > 100

     

    Then when you save the alert search you can use criteria to only send alert when number of events is > 0. 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post