I'm having trouble understanding how thresholds should be set for log monitoring alerts based on log file custom metrics. The semantics of the configuration screen relate more to metrics that will have a continuous, fluctuating series of values rather than counts based on discrete events such as the occurrence of a text match in a log file. In particular, it is unclear what it means to say that the value is above the threshold for a specific number of minutes... in my case, for example, I want to alert if we find 2 or more occurrences of a text pattern in the 5 minute interval... would I need to set the time component of the threshold to 0 minutes? I.e.,
"Alert anomalies with a static threshold of 2 (count). Raise an alert if the metric is above the threshold for 0 minutes during any 5 minute period"