Hi,
I'm curious how I can specify a relative date range in alert criteria. For example, [Last Boot] > Yesterday.
The scenario is that I'm setting up an alert for a class of high-powered machines that is only on occasionally. There are some false positives like "Packet loss is abnormally high" when the machine comes up after being off for a while.
My thought was to modify the alert criteria and only fire the packet loss event if the server has been up for x hours. I have not found a way to do that through simple criteria. When I choose "Last Boot" for criteria and say "greater than" I can only put fixed date and time values in the right expression.
Do I have to write SQL / SWQL to make this happen? It seems so basic, it kinda of feels wrong to have to do that. That's why I'm double checking here.
