Hello,
I have log item where I look for the word "ERROR" in a log file on several linux hosts and they are being captured properly but I'm having a hard time figuring out how to properly trigger on the event. I basically want to trigger when it sees the word "ERROR" in the log but clear after its 60 minutes old.
How do I create a trigger that only looks at the last 60 minutes.
I tried .count(60m)>0 but that does not work.
Thanks,
-Glen
I have log item where I look for the word "ERROR" in a log file on several linux hosts and they are being captured properly but I'm having a hard time figuring out how to properly trigger on the event. I basically want to trigger when it sees the word "ERROR" in the log but clear after its 60 minutes old.
How do I create a trigger that only looks at the last 60 minutes.
I tried .count(60m)>0 but that does not work.
Thanks,
-Glen