Hi , help me pls with alert on complex query.
I have such query :

"/platform/services/ApplicationManagementService" AND ((type:nginx_access AND NOT response:200 AND NOT response:401) OR (type:osb_mlt_server AND (aplmError:APLM0012 OR aplmError:APLM0017)))

how can i get alert if messages from query above will grow up?
as i know i need to route them to stream but there is a lot of conditions which cannot be configure in stream rules. Am I wrong ? thx

you have multiple ways to get that result.

I would create a pipeline rule that creates an additional field if all of your conditions match.

The alert would then be on the one single added field.

