We have a very simple search that looks for a value, and if that value is not greater than 0 for ten minutes, it sends an alert. Very simple: if that value is 0 for ten minutes, send an alert. The search is literally just {value}>0. The alert has a cron expression of */10 5-23 * * *, the number of results field is set to trigger if the number of results is equal to 0, and the time range is set to a custom time of -11m@m to -1m@m. We occasionally get false positives on this alert and we have no idea why. We run the search on that time frame and we see plenty of values. Does anyone have any insight into why this is happening?