Amarquier
Results
2
comments of
Amarquier
Here is the beginning of my rule. ``` type: frequency # (Required) # Index to search, wildcard supported index: logstash* # (Required, frequency specific) # Alert when this many documents...
Hi and sorry for the late answer. To test rules, first I check is the rule has hits and matches. Then I recreate the conditions to get hits and matches...