Forum Discussion
idontknowanything
Jun 29, 2022
Copper Contributor
Sentinel alert threshold
Hi everyone,
Looking into creating an alert. For example, let's say in syslog a switch/server fails and it generates entries in the Syslog table that there is an issue. Let's say it creates 1000 counts of it. Is there a way to create a custom query where, when the count/entries of that error reach, let's say, more than 100, it should then generate an alert?
(I attached a Google pic of a random table; when I say counts/entries, I refer to that below. All of the entries for the query would have the same syslog message. Just curious: if enough counts of that message get generated, like 100, how can an alert be fired based on that count?)
mikhailf
Steel Contributor
Hello idontknowanything ,
When you create an Analytics rule, under "Set rule logic" you have the following setting:
esschotenw
Copper Contributor
Hi mikhailf,
Is it true that the Threshold in the detection rule has been removed? I no longer see this option in the rules when I want to edit them. In the "Set rule logic" tab, the Threshold option has disappeared.
mikhailf
Steel Contributor
Hello esschotenw,
It is available for Scheduled queries. However, I do not see it for NRT rules. Please, check if you are trying to edit an NRT rule.
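For the count-based alert asked about above, the threshold can also live in the rule query itself rather than in the rule's Threshold setting, which matters for rule types where that setting is not offered. This is an added example, not code from the thread; it assumes the standard Syslog table columns (Computer, Facility, SeverityLevel, SyslogMessage, TimeGenerated), and the message text "link down" is a placeholder for the real error.

```kql
// Added example (not from the thread). "link down" is a placeholder for the
// syslog message the rule should count; the 1h window and the 100 threshold
// are assumptions taken from the question.
Syslog
| where TimeGenerated > ago(1h)
| where SyslogMessage has "link down"            // the repeated error text
| summarize
    EventCount = count(),                        // how many times it repeated
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated),
    Sample     = take_any(SyslogMessage)         // one representative line
    by Computer, Facility, SeverityLevel        // one row per reporting host
| where EventCount > 100                         // in-query threshold
| project Computer, Facility, SeverityLevel, EventCount, FirstSeen, LastSeen, Sample
```

Because the `where EventCount > 100` line already filters to hosts over the limit, the rule can simply alert when the query returns any rows; the alternative is to drop that line and the summarize and use the rule's own "greater than 100 results" threshold, which is the setting mikhailf points to for Scheduled rules.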