I've set up an system.run item that does a "grep -c 'string' kernel.log".
The kernel.log file rotates hourly and I'd like to have it triggering an alert when the count for 'string' is less than 100 in the last minute.
Option 1: Set up a trigger which counts only the value difference in the last minute.
Option 2: Set up a calculated item which counts only the last minute of the log's entries.
How can I do this? Any delta function maybe?
Basically my intention is to have an item which counts the value as if the log rotation was every minute.
The kernel.log file rotates hourly and I'd like to have it triggering an alert when the count for 'string' is less than 100 in the last minute.
Option 1: Set up a trigger which counts only the value difference in the last minute.
Option 2: Set up a calculated item which counts only the last minute of the log's entries.
How can I do this? Any delta function maybe?
Basically my intention is to have an item which counts the value as if the log rotation was every minute.
Comment