Field Content Alert

Hi,

Is there a way I can set the alert condition to match a string exactly, for example, “Unknown Protected Resource”? The documentation said it will trigger the alert as long as it matches one of the words.

Thank you,
Si Ya Ni

The value of the field content alert condition is basically a quoted Lucene/Elasticsearch query.
So if you create a field content alert condition for the field “foobar” with the value “Lorem ipsum dolor sit amet”, it will generate the following Elasticsearch query:

foobar:"Lorem ipsum dolor sit amet"

Depending on the configuration for the field “foobar” (e. g. analyzed or not analyzed), this will yield different results.

Thank you for your help.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.