cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need to create a alert for syslog message if the event doesn't appear more than 4 hours

JoshiSaikiran
Copper Contributor

‎Mar 20 2022 10:44 AM - last edited on ‎Apr 08 2022 11:02 AM by

‎Mar 20 2022 10:44 AM - last edited on ‎Apr 08 2022 11:02 AM by

Need to create a alert for syslog message if the event doesn't appear more than 4 hours

We have a syslog message with specific keywords for e.g.. "content found". if the syslog message doesn't flow in log analytics. we need to create an alert for the syslog.

 

Appreciate your help on this one.

 

Thanks

Labels:
561 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Mar 21 2022 03:25 AM

‎Mar 21 2022 03:25 AM

Re: Need to create a alert for syslog message if the event doesn't appear more than 4 hours

@JoshiSaikiran 

 

You will need to adjust the Column name if its not SyslogMessage and the string to search on 

Syslog
| where TimeGenerated > ago(4h)
| where SyslogMessage has "Failed to"

 or

Syslog
| where TimeGenerated > ago(4h)
| where SyslogMessage has_any ('Failed to','err')
0 Likes
Reply