Usecase
Send a notification when there is no login activity (threshold: count < 1) from a particular department, say "Accounts", for each day. The department's login activity is identified by a particular range of IP addresses in the field "srcIp".
Notification Types: Email
User Inputs
Please see the image below for setting up this alert in Skedler Alerts.
Notification received via Email
Hi,
Alert has been triggered for alert No Login Activity on Tue May 01,2018 10:00:00 IST
Alert Condition:
Rule Type: Flat Line, Keyword Filter: * - select * from .data* where srcIp must > 10.200.1.3 and srcIp must < 10.200.1.49 and where timeWindow between Mon Apr 30,2018 10:00:00 IST - Tue May 01,2018 10:00:00 IST having count < 1
TimeWindow:
Mon Apr 30,2018 10:00:00 IST - Tue May 01,2018 10:00:00 IST
Matching Records:
No Payload Result / Aggregation Result found
http://guidanzadmin:3001/skedler-alerts/alertdetails?alertId=No%20Login%20Activity&alertname=No%20Login%20Activity&triggered_time=2018-05-01T04:30:30.000Z
Thanks
Notification received via email attachment
[ { "payload_result1": { "total": 0, "max_score": null, "hits": [] }, "aggregations_result1": { "count": { "value": 0 } } } ]
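The evaluation behind this flat-line rule, written out as an added Python example (not Skedler's own code) over constructed sample records: it keeps only records inside the 24-hour time window whose srcIp falls strictly between 10.200.1.3 and 10.200.1.49, counts them, and fires when the count is below 1. The window, range and record shape are assumptions taken from the notification above; the IP comparison is done numerically, because comparing dotted strings would wrongly drop an address such as 10.200.1.5.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

# Assumed parameters, mirroring the alert condition in the notification above.
RANGE_LOW = ip_address("10.200.1.3")    # srcIp must be > this (boundary excluded)
RANGE_HIGH = ip_address("10.200.1.49")  # srcIp must be < this (boundary excluded)
IST = timezone(timedelta(hours=5, minutes=30))
WINDOW_END = datetime(2018, 5, 1, 10, 0, tzinfo=IST)
WINDOW_START = WINDOW_END - timedelta(days=1)
THRESHOLD = 1  # flat line: alert fires when count < THRESHOLD

# Constructed sample records (not real data); none should count as an Accounts login.
SAMPLE_LOGS = [
    {"@timestamp": "2018-04-30T09:59:00+05:30", "srcIp": "10.200.1.10"},   # before window
    {"@timestamp": "2018-04-30T12:00:00+05:30", "srcIp": "10.200.1.3"},    # boundary, excluded by '>'
    {"@timestamp": "2018-04-30T13:00:00+05:30", "srcIp": "10.200.2.20"},   # other department
    {"@timestamp": "2018-05-01T09:00:00+05:30", "srcIp": "10.200.1.100"},  # above range
    {"@timestamp": "2018-05-01T10:00:00+05:30", "srcIp": "10.200.1.20"},   # at window end, excluded
]


def in_department_range(src_ip: str) -> bool:
    """Numeric range check; string comparison would rank '10.200.1.5' above '10.200.1.49'."""
    try:
        ip = ip_address(src_ip)
    except ValueError:  # malformed or missing srcIp never counts as a login
        return False
    return RANGE_LOW < ip < RANGE_HIGH


def count_logins(records, start=WINDOW_START, end=WINDOW_END) -> int:
    """Count records in [start, end) whose srcIp belongs to the department range."""
    count = 0
    for rec in records:
        ts = datetime.fromisoformat(rec["@timestamp"])
        if start <= ts < end and in_department_range(rec.get("srcIp", "")):
            count += 1
    return count


def evaluate_flat_line(records, threshold: int = THRESHOLD) -> dict:
    """Return the trigger decision plus the aggregation shape seen in the attachment."""
    count = count_logins(records)
    return {
        "triggered": count < threshold,
        "aggregations_result1": {"count": {"value": count}},
    }


if __name__ == "__main__":
    print(evaluate_flat_line(SAMPLE_LOGS))
```

Because this rule fires on the absence of matching records, it also fires when the log source or ingestion pipeline has stopped delivering data; pairing it with an overall-volume alert for the same index tells the two cases apart.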