kiwiz
commented
6 years ago Hi. Could you provide a concrete example of what you'd like to accomplish?
Open ceeeekay opened 6 years ago
kiwiz
commented
6 years ago Hi. Could you provide a concrete example of what you'd like to accomplish?
ceeeekay
commented
6 years ago @kiwiz Using the following ES agg as an example, I'd like to set up a 411 alert to trigger if the result of the aggregation is over a certain value, e.g.,
"aggs": {
"1": {
"max": {
"field": "latency.total"
}
}
}I'm trying to reproduce this in 411 like so:
type:latency test | agg:max field:latency.total.
This query always returns a single result (as expected) but it's the value if the result I'm interested in, i.e., if max agg of latency.total > 60 then alert.
I don't see any way to do this with the result type options that 411 presents.
Thanks :)
Is it possible to alert based on the value in a field?
I'm using a max aggregation which always returns exactly one result, but it's the value of the field that I'm interested in. I don't see any way to do this.
Possible feature request?
Cheers.