Database Reference
In-Depth Information
Another example of an alert
We'll do another example of an alert so that you can see what happens when an alert is
triggered. This time, we will use the following search code:
sourcetype=access_* earliest=-3d latest=now action="purchase"
| stats count(eval(action="purchase")) AS "Total Products
Sold in last 3 days"
The criteria we use are as follows:
•
Title
:
Total Products Sold in Last 3 Days
•
Alert Type
:
Scheduled
•
Time Range
:
Run every hour
•
Schedule
:
At 0 minutes past the hour
•
Trigger Condition
:
Number of Results
•
Trigger if number of results
:
is Less than
,
1000
The criteria for the alert are specified as shown in the following screenshot:
Alert for Total Products Sold in Last 3 Days
