How to enable alert if sourceCategoriesor category has no logs over 1 hour duration in the collector

Follow

Arunkumar Natarajan

• September 12, 2022 16:12

Is it possible to trigger the sumo alert when the category and source category has not received any log in the collectors over the last 1-hour duration?

Thanks

0

• Official comment

  

  Eli Jang

  • September 29, 2022 03:20
  • Edited

  Sample query attached below. Feel free to customize it.
  
  _sourceCategory=sample/log
  | _receiptTime as receipt_time
  | now() as current_time
  | (current_time - receipt_time)/1000/60/60 as diff_hours
  | where diff_hours < 1
  | formatDate(toLong(receipt_time),"YYYY-MM-dd HH:mm:ss") as receipt_time_string
  | count by receipt_time_string, diff_hours

  Comment actions Permalink
• 

  Arunkumar Natarajan

  • September 16, 2022 10:11

  Thanks Eli.

  0

  Comment actions Permalink

Please sign in to leave a comment.