I would like some help for a use case where I need to generate an alert for a certain situation:
Operating system processes are monitored, and the following logs are generated:
status 1 = process started
status 2 = running process
status 3 = process stopped
I need to alert when a process has stopped (status 3), in the legacy version of monitoring, I check the last event within 12 hours. (time set for collection)
I couldn’t find a way to do this same monitoring in the new version of monitoring. The average in this case does not solve.
I tried to collect the metric in a shorter interval, for example 10 minutes and use the Max function (since I would only have one data in the interval), but the status 3 information is collected when the process dies, in this case after the interval of 10 minutes I no longer have the data (and an alert generated in this situation only exists for 10 minutes).
Example using Classic condition (it works, but there is no way to use template variables such as $labels or $values):
