We have a bigger QRadar cluster setup, on which we have the QR Deployment Intelligence app, and that setup is fine for monitoring cluster health through the GUI.
But we would like to get notifications via email when some of the cluster health metrics cross a certain threshold.
We are wondering why that is not available out of the box?
Especially when all the needed info is already there...
Is there a way, and how do we set it up?
Our biggest concern is network bandwidth usage...
We tried to write a custom AQL, but time segmentation into parts of 60 seconds is just not good enough.
Thanks.
Ninoslav