To save an Alarm Rule from a query:
- Open a dashboard.
- In the search bar, enter your search criteria and (optionally) a time interval in the time filter. For more information about how to query data, see https://logrhythm.atlassian.net/wiki/spaces/SDNMStage/pages/25886894.
- Click Save Rule.
The Create Rule dialog box appears.
- Enter a Name and choose a Severity. You can also change the Search string, if desired.
- Click Save.
You are notified of how many times your new rule would have fired in the past 24 hours.
- To create the rule, click Confirm. Otherwise, click Cancel.