The sort command sorts all the results by the specified fields. Because ascending is the default sort order, you don't need to specify it unless you want to be explicit; a field prefixed with + is sorted ascending and one prefixed with - is sorted descending. If the first argument to the sort command is a number, then at most that many results are returned, in order. Results that are missing a sort field are treated as having the smallest or largest possible value of that field if the order is descending or ascending, respectively. You can specify a different sort order for each field, for example sorting first by the lastname field in ascending order and then by the firstname field in descending order. To rank aggregated results, pipe the output of stats (the count) to the sort command and tell it to sort ascending (+) or descending (-); the count field contains a count of the rows that contain A or B.

Requirement: for a message like "Failed project", the search should basically count three failures and then send an alert. The search below works when we run it against the index and so on, but when we try to keep it in an eval statement it does not:

like(Message, "%Failed Compliance project%"), "High",
like(Message, "%Failed project %"), "High",
like(Message, "%Failed Compliance Project%"), "High",

Just to add more here, here is the complete search:

| from datamodel:"Project_job_events" | where clusterName="ITS07-SD02A" | where eventStatus="Failure" | table _time,objectName,message,locationName,eventStatus,objectType,objectId,_raw
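The following is an added example and not code from the original post or from Splunk's documentation. It shows one way to satisfy the requirement stated above in a single SPL search: classify each failure event with eval case()/like(), count the matches with stats, keep only the objects that have failed at least three times, and order the output with sort. The data model, cluster name and field names (message, objectName, locationName, eventStatus) are taken from the search quoted above; the severity field name, the grouping by objectName and the threshold of 3 are assumptions. Lower-casing the message before matching means a single pattern covers both "Failed Compliance project" and "Failed Compliance Project" without depending on the casing of the original text.

```spl
| from datamodel:"Project_job_events"
| where clusterName="ITS07-SD02A" AND eventStatus="Failure"
| eval severity=case(like(lower(message), "%failed compliance project%"), "High", like(lower(message), "%failed project%"), "High", true(), "Low")
| where severity="High"
| stats count AS failures, latest(_time) AS last_failure, values(locationName) AS locations BY objectName, severity
| where failures >= 3
| sort 0 - failures, + last_failure
```

Save this as an alert that triggers when the number of results is greater than zero: any row that survives the `where failures >= 3` filter is an object that has produced at least three "High" failures in the alert's time window. The leading `0` on the sort command lifts the default result limit so that no offending object is dropped; `- failures` puts the worst objects first, and `+ last_failure` breaks ties with the oldest unresolved failure first. If a result were missing last_failure it would sort as the largest possible value in that ascending order and land at the bottom of its group, which is the documented behaviour for missing sort fields.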