LogPoint alert bug where it doesn't use search filtering with ">" or "<" symbols

Hello,

Hope all is well,

I have encountered a bug within LogPoint alert rule queries where all default and custom alert rules that utilise the symbols ">" or "<" to finalise alert logic fail to use these symbols and all other data that was added after those symbols. If you run the alert rule query by copy-pasting it into the search manually, it works as it should, but if you want that query to be used by an alert (alert query), it drops everything that is beyond and including the symbols "<" or ">".

Example of this bug:
Multiple default LogPoint alerts end their alert logic with a filtering command similar to this "| search Event>10", but once the query is executed by the alert itself, this filtering command is cut and is executed as "| search Event", which produces incorrect results.

This seems like a straightforward bug that LogPoint support should be aware of. Is there a fix for it? Any workarounds?

Appreciate the support,
