Hi Folks,
I am running a search query and I always have two sets of results.
Description      Rate
Transaction A    200
Transaction B    350
I need to trigger a conditional alert only if Rate of Transaction B is 50% more than Rate of Transaction A.
Any simple ways of achieving this?
Thanks
You might be able to do this by feeding your results through | transpose followed by | where, something similar to this:
my search
| transpose
| search column=Rate
| rename "row 1" TO a
| rename "row 2" TO b
| where b > (a * 1.5)
And then alert on the return of any results.
Thanks for the prompt reply! It works!
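An added example, not part of the original thread: the transpose approach in the answer depends on Transaction A always being the first row. This variant looks the two rates up by Description instead, so row order does not matter, and it returns nothing if either row is missing. The first five lines only build the two sample rows from the question with makeresults (constructed data); the field names a and b follow the answer.

```spl
| makeresults count=2
| streamstats count AS n
| eval Description=if(n=1, "Transaction A", "Transaction B")
| eval Rate=if(n=1, 200, 350)
| fields Description Rate
| stats max(eval(if(Description="Transaction A", Rate, null()))) AS a
        max(eval(if(Description="Transaction B", Rate, null()))) AS b
| where isnotnull(a) AND isnotnull(b) AND b > a * 1.5
```

With the sample rates the threshold is 300, so one row is returned and an alert set to trigger when the number of results is greater than zero fires. Replace the first five lines with the real search that produces Description and Rate.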