I have a simple, small PowerShell script installed on 400 Windows Servers that outputs disk, CPU and RAM utilization once per minute.
NXLog then picks this up and sends it to Graylog.
I have fed these into a stream, and I want to send out an email alert every time one of these numbers drops below a threshold. I then want a 30-minute grace period.
Now, this is obviously easy to do if the stream takes EVERY event into account, but I need to differentiate between sources. So in other words, if source:testserver01 triggers an alert, I want there to be a grace period, but I don’t want this grace period to prevent an alert being sent from a different source.
Is there a ‘preferred’ way of achieving this?
The only option I can think of is to make 400 streams, one for each source!!!