We monitor a certain field called RequestLatency. It’s stored in the database as a Long. We have graphs that show us the avg(RequestLatency). It shows us the average login latency and it works well to tell us if the system is healthy.
But now we need it to send an email to the Network Engineering team if the latency goes >2000 (milliseconds). Is it possible to trigger an Alert based on the avg() function? Over what period of time does the avg() function operate when used in an Alert?
With the Enterprise version you do have an Event Condition; this is found here
Other than that, I have used other tools, like enabling Prometheus in the Graylog configuration file and installing Grafana, in which I set up alerts. This does allow me to execute an AVG on a stream, etc… Not sure if you want to go that route.
Just as you use the avg(RequestLatency) to draw your graphs, you can use it in the alerts as @gsmith showed. You will need to change the mode to “Aggregation of results reaches a threshold” and then you will have the menu with the options from the post above.
If you want to distinguish the alerts for different machines, you can add the “group by” to do so.