I know you can trigger an alert if a field value exists. But is there a way to trigger an alert if two field values equal whatever values we are looking for? Example: trigger an alert if Field A = X AND Field B = Z.
I've got the same problem, more generally trying to figure out how to create notifications based on "complex" conditions.
From what I understand, we have to create multiple streams to filter the logs and base one condition/notification on each of them:
a. Message count condition (whenever the stream received more than X messages in the last Y minutes)
b. Field aggregation condition (on a numeric field, for performance alerting)
c. Field content condition (the stream received at least one message that has a field set to a given value)
Not sure yet if this is the right way to do it or if you can compose multiple conditions...
Did you achieve your goal since your post?
Please share your feedback.
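To make the stream-plus-condition model concrete, here is an added simulation (not Graylog code, and not from either poster) of how "Field A = X AND Field B = Z" is expressed as two stream rules, with the three condition types from the list above evaluated over the routed messages; the message data, field names and thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log events (not real data); "now" is fixed so the example is deterministic.
NOW = datetime(2024, 1, 1, 12, 5, 0)
MESSAGES = [
    {"timestamp": datetime(2024, 1, 1, 12, 0, 0), "field_a": "X", "field_b": "Z", "latency_ms": 120},
    {"timestamp": datetime(2024, 1, 1, 12, 1, 0), "field_a": "X", "field_b": "Q", "latency_ms": 30},
    {"timestamp": datetime(2024, 1, 1, 12, 2, 0), "field_a": "X", "field_b": "Z", "latency_ms": 900},
    {"timestamp": datetime(2024, 1, 1, 12, 3, 0), "field_a": "Y", "field_b": "Z", "latency_ms": 45},
    {"timestamp": datetime(2024, 1, 1, 11, 0, 0), "field_a": "X", "field_b": "Z", "latency_ms": 10},
]
RULES = [("field_a", "X"), ("field_b", "Z")]  # the AND is done by the stream, not the condition

def stream_matches(message, rules):
    """A stream routes a message only when every rule matches (AND semantics)."""
    return all(message.get(field) == value for field, value in rules)

def in_window(messages, now, minutes):
    cutoff = now - timedelta(minutes=minutes)
    return [m for m in messages if cutoff <= m["timestamp"] <= now]

def message_count_condition(stream_msgs, now, threshold, minutes):
    """a. Fires when the stream received more than `threshold` messages in the last `minutes`."""
    return len(in_window(stream_msgs, now, minutes)) > threshold

def field_aggregation_condition(stream_msgs, now, field, threshold, minutes, agg=max):
    """b. Fires when an aggregate (default: max) of a numeric field in the window exceeds `threshold`."""
    values = [m[field] for m in in_window(stream_msgs, now, minutes)
              if isinstance(m.get(field), (int, float))]
    return bool(values) and agg(values) > threshold

def field_content_condition(stream_msgs, field, value):
    """c. Fires when at least one message in the stream has `field` set to `value`."""
    return any(m.get(field) == value for m in stream_msgs)

def evaluate(messages, rules, now):
    """Route messages into the stream, then evaluate each condition type over the stream."""
    stream = [m for m in messages if stream_matches(m, rules)]
    return {
        "routed": len(stream),
        "message_count": message_count_condition(stream, now, threshold=1, minutes=10),
        "field_aggregation": field_aggregation_condition(stream, now, "latency_ms", 500, 10),
        "field_content": field_content_condition(stream, "latency_ms", 900),
    }

def demo():
    return evaluate(MESSAGES, RULES, NOW)

if __name__ == "__main__":
    print(demo())
```

The 11:00 event matches both rules but falls outside the 10-minute window, so it counts for routing and for the field content condition but not for the windowed conditions.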