Hello All,
I am trying to create an alert using metricbeat data to show when an application service(windows) is not running. The idea being, if grafana something that matches this condition, generate an alert etc
If I use the query below in elasticsearch I get 0 hits over a 24 hour period, which is what is expected.
host.name: “appserver1” and windows.service.state : “Stopped” and windows.service.start_type : “Automatic”
however I use the same lucene query in grafana I get something like this which then trips the alert.
I am using the count metric, if anyone can point me in the right direction it would be greatly appreciated.
I am using Grafana 8.x.x.