The output field name is aliased to my_time_bucket_field_name. Timeslice 1m as my_time_bucket_field_nameįixed-size buckets of 1 minute each. ![]() The output field name is aliased to 2hrs.īucketing to 150 buckets over the search results. The output field is default _timeslice.įixed-size buckets that are 2 hours long. It's an easy effect to do using a few photos that were taken. So if the query is _sourceCategory=abc | timeslice 1m | count by _timeslice, the timeRange is 15m, and there are 15 rows in the query output, it would trigger the alert if _count for any row matches the threshold and resolve when none of the rows match the alert threshold (and all match resolution threshold).įixed-size buckets at 5 minutes. 4.94K subscribers Subscribe 10K views 3 years ago In today's video, I'll show you how to make a timeslice image using Photoshop. If there are multiple rows in the search query output because of timeslice or any other reason (such as a group by operator), it would match each row with the monitor threshold and if it matches for any row, it would trigger the alert. Monitor query output is matched with the configured threshold during its evaluation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |