Hi all,
I have a NAS which is sending me 2 lines by syslog:
```
|||2023-01-29 20:26:26|SourceIP=192.168.x.x [External Device] USB UPS plugged in.||
|||2023-01-29 20:25:59|SourceIP=192.168.x.x [External Device] USB UPS unplugged.|
```
I could make an alert with something like this:
```
count_over_time({app="qulogd:"} |~ "UPS unplugged" [10m]) > 0
```
But how is it possible to correlate the two lines and raise the alert only when the UPS is unplugged and has not already been plugged in again? Is there a correlation possibility in Loki? I only want to go into the cellar if the problem still persists. I have no idea how to automatically get the last state from the log lines, to alert and to revert the alert if the problem is gone.
Best regards
Andreas
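
The "last state wins" correlation asked about above, worked through outside Loki as an added example (not part of the original post, and not LogQL). It assumes the line layout shown in the post; the function names and the `grace` period are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout shown in the post (newest line first).
SAMPLE = """\
|||2023-01-29 20:26:26|SourceIP=192.168.x.x [External Device] USB UPS plugged in.||
|||2023-01-29 20:25:59|SourceIP=192.168.x.x [External Device] USB UPS unplugged.|
"""

# Match the whole word so "plugged" is never found inside "unplugged".
EVENT = re.compile(
    r"\|(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\|"
    r"SourceIP=(?P<src>\S+) .*?\bUPS (?P<state>unplugged|plugged)\b"
)

def last_states(lines):
    """Return {source: (state, timestamp)} using the newest event per source."""
    latest = {}
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # unrelated syslog line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        # Compare timestamps instead of trusting arrival order.
        if m["src"] not in latest or ts >= latest[m["src"]][1]:
            latest[m["src"]] = (m["state"], ts)
    return latest

def should_alert(lines, now, grace=timedelta(minutes=2)):
    """Sources whose newest event is 'unplugged' and older than the grace period.

    grace is an assumed debounce so a brief unplug/replug never fires.
    """
    return sorted(
        src for src, (state, ts) in last_states(lines).items()
        if state == "unplugged" and now - ts >= grace
    )

if __name__ == "__main__":
    now = datetime(2023, 1, 29, 20, 30, 0)
    print(should_alert(SAMPLE.splitlines(), now))      # plugged in again
    print(should_alert(SAMPLE.splitlines()[1:], now))  # only the unplug line
```

Because the decision depends only on the newest event per source, the alert clears on its own as soon as a later "plugged" line arrives.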