I’ve created a relative alert that compares the login data from the last month and when there’s a 0 change, an alert will be triggered.
Now I was wondering if it is possible to add the date since the last change to the alert message, so I could get a message like “No users logged in since [date since last login]”. Is this possible? If so, how?
I created a relative alert that compares the current login data to the login data from the previous 30 days. When the change is equal to 0, then I know there weren’t any logins so an alert will be triggered.
As for the message I use:
{{ .Level }} : {{ if eq .Level ‘OK’}}Someone logged in on host {{ index .Tags “host” }} again! {{ else }}No logins encountered on host {{ index .Tags “host” }} for over 1 month! {{ end }}
I didn’t find any method to add the date since the last login to the message.