Let's use the "calculate" action to create a dynamic threshold value for our "conditional block" action.

- Capture the integer hit count shown in Kibana Discover for the last hour
- Capture the same, but for the last 24 hours
- Use the "calculate" action to obtain the hourly mean hit count over the past 24h
- Use the "conditional block" action to compare the last hour reading to the 24h mean
- If the difference is less than 20%, don't send the alert

This example is included by default in the job templates of any new installation of Anaphora.
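
The decision logic of the steps above, as an added JavaScript example; it is not Anaphora's job syntax or the template's own code. The function names are hypothetical, and it assumes "difference" means the absolute deviation of the last-hour count from the 24h hourly mean, as a fraction of that mean. It also covers the zero-baseline case, where a percentage cannot be computed.

```javascript
// Added illustration; not Anaphora's job syntax or API. All names are hypothetical.
// Assumption: "difference" is |last hour - hourly mean| / hourly mean.

function hourlyMean(hits24h) {
  return hits24h / 24;
}

function evaluateThreshold(hitsLastHour, hits24h, tolerance = 0.2) {
  for (const v of [hitsLastHour, hits24h]) {
    if (!Number.isInteger(v) || v < 0) {
      throw new RangeError(`hit count must be a non-negative integer, got ${v}`);
    }
  }
  const mean = hourlyMean(hits24h);
  // A zero baseline has no meaningful percentage: alert on any activity at all.
  // (last hour > 0 with 24h = 0 can happen when the two captures are taken
  // a moment apart.)
  if (mean === 0) {
    const deviation = hitsLastHour === 0 ? 0 : Infinity;
    return { mean, deviation, sendAlert: hitsLastHour > 0 };
  }
  const deviation = Math.abs(hitsLastHour - mean) / mean;
  // Less than the tolerance: suppress. Exactly at or above it: send.
  return { mean, deviation, sendAlert: deviation >= tolerance };
}

// Constructed sample readings: [last hour, last 24 hours]
const samples = [[105, 2400], [180, 2400], [12, 2400], [0, 0], [3, 0]];
for (const [h1, h24] of samples) {
  const r = evaluateThreshold(h1, h24);
  console.log(
    `1h=${h1} 24h=${h24} mean=${r.mean.toFixed(1)} ` +
    `dev=${(r.deviation * 100).toFixed(0)}% alert=${r.sendAlert}`
  );
}
```

Because the 24-hour window contains the last hour, a spike also raises the baseline it is compared against; the comparison is symmetric, so an unusually quiet hour triggers the alert as well.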