We have some identical logs coming out of different instances of the same system that we’d like to have alerts trigger for certain events, based on a threshold. We have the alerts we need built, but at the moment they trigger whenever the total number of events across all logs passes the threshold.
Is there a way to amend the query that will cause an alert to only be triggered if the threshold is breached in a single log, without us needing to recreate the same alert/query for each log?