Hello
Has anyone managed to alert for software change?
I tried to make the following with no success:
eventlog.datetime = macros.past_5m AND eventlog.message LIKE '%OS Version%'
Appears fine in the eventlogs though:
Thanks!
Are you sure it’s not matching that rule? It would only do it when a device is polled, with you only checking the last 5 minutes + whatever you rule delay is you could see the alert cleared.
Try 15 minutes as a test.
Will do, thanks!
Fixed -
I needed greater or equal too (>= ) whoops.
eventlog.datetime >= macros.past_5m AND eventlog.message LIKE '%OS Version%'