I wanted to share on the community how you can use an Alert rule to populate a dynamic list.
- Create the Dynamic list you want to populate
- Age limit on the Dynamic list is how long the data from the Alert will stay in the dynamic list before the values are removed
- Create the Alert that can populate the dynamic list
- Search Interval: Defines how often the the search is running on the LogPoint. Every search interval it will update the dynamic list if it finds new values or prolong existing values in the dynamic list
- You can set the condition on the Alert to be something like Trigger: condition: Greater than "99999" for it to never fire to the incidents view.
- However the Alert still needs to find results in the | process toList() part of the search query to populate the Dynamic List.
This is a way to use an alert to automate the process of populating a dynamic list without the alert firing and cluttering the incidents view.
/Gustav