Here is a suggestion : Create an event definition that runs every X minutes (define X as you see fit). In aggregation, define a condition based on the card() of the “source” field. If it is anything less than your number of sources, fire an alert.
Here is a suggestion : Create an event definition that runs every X minutes (define X as you see fit). In aggregation, define a condition based on the card() of the “source” field. If it is anything less than your number of sources, fire an alert.