Usecase
Send a notification when there is no login activity (threshold: count < 1) from a particular department, say "Accounts", within each one-day window. Login activity of the department is identified by a particular range of IP addresses in the field named "srcIp".
Notification Types: Email
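The rule above can be checked locally before it is wired into the alerting tool. The following is an added example, not Skedler's code: it applies the flat-line logic from this use case (department identified by an exclusive IP range on srcIp, a one-day window, alert when the count is below 1) to a few constructed log records and builds a result in the same shape as the attachment shown later on this page. The record layout (an ISO-8601 "@timestamp" plus "srcIp"), the exclusive bounds and the sample records are assumptions made for the example.

```python
"""Added example (not Skedler's code): evaluate the "no login activity"
flat-line rule from the use case over constructed log records.

Assumptions (not from the page): records are dicts with an ISO-8601
"@timestamp" and a "srcIp" field; the IP bounds are exclusive, as the
rule text "srcIp must > 10.200.1.3 and srcIp must < 10.200.1.49" reads.
"""
from datetime import datetime, timedelta, timezone
from ipaddress import IPv4Address

IST = timezone(timedelta(hours=5, minutes=30))

# Rule parameters taken from the use case text.
LOWER = IPv4Address("10.200.1.3")    # exclusive lower bound of the department range
UPPER = IPv4Address("10.200.1.49")   # exclusive upper bound
THRESHOLD = 1                        # alert when count < THRESHOLD
WINDOW = timedelta(days=1)

# End of the evaluation window, copied from the trigger time in the email.
WINDOW_END = datetime(2018, 5, 1, 10, 0, 0, tzinfo=IST)


def in_department_range(src_ip):
    """True when src_ip lies strictly between LOWER and UPPER.
    IPv4Address objects compare by their 32-bit integer value, so
    10.200.1.100 correctly sorts above 10.200.1.49; a plain string
    comparison would place it inside the range."""
    try:
        ip = IPv4Address(src_ip)
    except ValueError:
        return False  # malformed or non-IPv4 value never counts as a department login
    return LOWER < ip < UPPER


def department_logins(records, window_end):
    """Return the records from the department range whose timestamp falls
    in [window_end - WINDOW, window_end)."""
    window_start = window_end - WINDOW
    hits = []
    for rec in records:
        ts = datetime.fromisoformat(rec["@timestamp"])
        if window_start <= ts < window_end and in_department_range(rec.get("srcIp", "")):
            hits.append(rec)
    return hits


def evaluate_flat_line(records, window_end):
    """Return (triggered, result). result mirrors the attachment on this
    page: a payload result with the matching hits and an aggregation count.
    With no matches it equals the attachment exactly (total 0, hits [])."""
    hits = department_logins(records, window_end)
    count = len(hits)
    result = {
        "payload_result1": {"total": count, "max_score": None, "hits": hits},
        "aggregations_result1": {"count": {"value": count}},
    }
    return count < THRESHOLD, result


# Constructed sample log records (not real data); none is a department login
# inside the window, so the flat-line condition holds.
SAMPLE_RECORDS = [
    {"@timestamp": "2018-04-30T09:59:00+05:30", "srcIp": "10.200.1.20"},  # before the window
    {"@timestamp": "2018-04-30T12:00:00+05:30", "srcIp": "10.200.2.7"},   # outside the IP range
    {"@timestamp": "2018-04-30T15:30:00+05:30", "srcIp": "10.200.1.3"},   # equals lower bound: excluded
    {"@timestamp": "2018-04-30T16:00:00+05:30", "srcIp": "not-an-ip"},    # malformed field
]

if __name__ == "__main__":
    triggered, result = evaluate_flat_line(SAMPLE_RECORDS, WINDOW_END)
    print("alert triggered:", triggered)  # True
    print(result)
```

Two points worth carrying over to the real alert: the bounds in the rule are written with ">" and "<", so addresses equal to 10.200.1.3 or 10.200.1.49 are not counted, and the comparison must be numeric. If srcIp is stored as a plain string rather than an IP-typed field, a range comparison is lexical and an address such as 10.200.1.100 would be treated as inside the range, silently suppressing the alert.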
User Inputs
See the image below for setting up this alert in Skedler-Alerts.
Notification received via Email
Hi,
Alert has been triggered for alert No Login Activity on Tue May 01,2018 10:00:00 IST
Alert Condition:
Rule Type: Flat Line, Keyword Filter: * - select * from .data* where srcIp must > 10.200.1.3 and srcIp must < 10.200.1.49 and where timeWindow between Mon Apr 30,2018 10:00:00 IST - Tue May 01,2018 10:00:00 IST having count < 1
TimeWindow:
Mon Apr 30,2018 10:00:00 IST - Tue May 01,2018 10:00:00 IST
Matching Records:
No Payload Result / Aggregation Result found
http://guidanzadmin:3001/skedler-alerts/alertdetails?alertId=No%20Login%20Activity&alertname=No%20Login%20Activity&triggered_time=2018-05-01T04:30:30.000Z
Thanks
Notification received via email attachment
[
  {
    "payload_result1": {
      "total": 0,
      "max_score": null,
      "hits": []
    },
    "aggregations_result1": {
      "count": {
        "value": 0
      }
    }
  }
]