Log_Based query which runs on different times 15, 60, 200, 300, 1000 minutes but in all result "hits" coming as 0 and total.value gets changed. We expect that hits and total.value count should be the same.
The same filter working fine in the Kibana dashboard, the issue only facing on log_based alarms page.
Release : 20.2
Component : CA DOI LOG ANALYTICS
The problem seems to be that the size is mentioned as 0 in log query but 500 in Kibana.
Output is based on the results obtained from query execution in last interval. It is expected to change as these queries are time based. If you want to see the sample results set the size to 10.