Alert for missing logs over a certain period

Objective: Mail notification if logs haven’t been received from network hosts in the last XX minutes.

Setup: The network design is extremely strict, so all logs are transmitted via NXLog proxy collectors across several layers of security zones before reaching Graylog.

Question: In this setup, how can I construct an Event Alert to get a notification about logs not coming from any given host on the platform for XX minutes?

Good morning, check out:

It references this:

Thank you, Zach.
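
The check asked about in this thread, as an added example (not from any poster, and not Graylog or NXLog configuration): it compares an inventory of expected hosts against the newest message time per originating host, because a host that has sent nothing never shows up in the log data itself. The host names, collector names, timestamps and the host-to-collector inventory are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: originating host -> proxy collector it relays through.
EXPECTED = {
    "web01": "proxy-dmz", "web02": "proxy-dmz",
    "db01": "proxy-core", "db02": "proxy-core",
}

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample: newest message timestamp per originating host.
# db02 has never been seen, so it has no entry at all.
LAST_SEEN = {
    "web01": NOW - timedelta(minutes=45),
    "web02": NOW - timedelta(minutes=50),
    "db01": NOW - timedelta(minutes=2),
}

def find_silent(expected, last_seen, now, max_silence):
    """Return (silent_hosts, silent_collectors).

    silent_hosts maps host -> minutes since its last message (None if never seen).
    silent_collectors lists collectors whose hosts are all silent, which
    points at the relay path rather than at the individual hosts.
    """
    silent = {}
    for host in expected:
        seen = last_seen.get(host)
        if seen is None:
            silent[host] = None
        elif now - seen > max_silence:
            silent[host] = int((now - seen).total_seconds() // 60)
    by_collector = {}
    for host, collector in expected.items():
        by_collector.setdefault(collector, []).append(host)
    collectors = sorted(c for c, hosts in by_collector.items()
                        if all(h in silent for h in hosts))
    return silent, collectors

if __name__ == "__main__":
    hosts, collectors = find_silent(EXPECTED, LAST_SEEN, NOW, timedelta(minutes=30))
    for host, mins in sorted(hosts.items()):
        print(host, "never seen" if mins is None else f"silent {mins} min")
    print("check relay path:", collectors)
```

The per-host key has to be the originating host, not the last relay; if every message arrives stamped with the proxy collector's name, individual hosts cannot be told apart.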
