I have messages from AWS CloudTrail going to Graylog2. CloudTrail only sends data every 7-10 minutes.
Now, if I use either Alert Field Aggregate or the Aggregate plugin directly, both look for messages as (t - 10 min), i.e. (current time - the time provided in the Interval field).
So when I give any time less than 10 min, I won't even get an alert. But if I give 15 min I get an alert, but this alert is only generated after 15 min. So every half hour it works only 2 times.
Instead, is there any way for it to continuously look for messages in a time interval, and if there are more than X attempts in 1 min, then I get an alert?
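The timing problem described above, as an added example that is not part of the original post or of Graylog: a small Python simulation of an aggregate rule evaluated on a fixed lookback from the current time, beside a rule that keeps the lookback as long as the expected CloudTrail delivery lag but slides a one-minute window over the event timestamp. The CloudTrail-style records, the threshold, and the 15-minute lag allowance are constructed assumptions, not values taken from the post.

```python
"""Added example: why a fixed lookback misses late-delivered CloudTrail
batches, and one way to detect "more than X in 1 min" regardless of delivery lag.

All sample data, field names beyond CloudTrail's eventTime/eventName/
responseElements, and the threshold and lag values below are assumptions.
"""
from datetime import datetime, timedelta, timezone


def parse_iso(s):
    """Parse the UTC 'YYYY-MM-DDTHH:MM:SSZ' form CloudTrail uses for eventTime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample (not real CloudTrail data): four failed console logins
# within 40 s around 12:00 plus one success, all delivered by CloudTrail in a
# single batch roughly eight minutes later. receivedTime is an assumed field
# standing in for the time the log pipeline ingested the record.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T12:00:05Z", "receivedTime": "2024-01-01T12:08:10Z",
     "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-01T12:00:20Z", "receivedTime": "2024-01-01T12:08:11Z",
     "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-01T12:00:33Z", "receivedTime": "2024-01-01T12:08:12Z",
     "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-01T12:00:45Z", "receivedTime": "2024-01-01T12:08:13Z",
     "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-01T12:03:10Z", "receivedTime": "2024-01-01T12:08:14Z",
     "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}},
]


def is_failed_login(e):
    """Match only failed console logins; successes must not count toward the burst."""
    return (e["eventName"] == "ConsoleLogin"
            and e["responseElements"].get("ConsoleLogin") == "Failure")


def fixed_lookback_alert(events, now, lookback_min=1, threshold=3):
    """The rule as the post describes it: at evaluation time `now`, count the
    matching messages already received whose message timestamp (eventTime)
    lies within the last `lookback_min` minutes. A batch that CloudTrail
    delivers later than `lookback_min` can never fall inside that window."""
    start = now - timedelta(minutes=lookback_min)
    n = sum(1 for e in events
            if is_failed_login(e)
            and parse_iso(e["receivedTime"]) <= now
            and start <= parse_iso(e["eventTime"]) <= now)
    return n > threshold


def event_time_alert(events, now, window_min=1, max_lag_min=15, threshold=3):
    """Alternative: evaluate every minute, keep looking back `max_lag_min`
    minutes (the worst delivery lag you are willing to accept), but slide a
    `window_min` window over event time so a burst is recognised as a burst
    even when it arrives late. Returns (window_start, count) for the first
    burst over the threshold, or None. Bursts older than `max_lag_min` age
    out, so a single late batch does not keep re-alerting."""
    window = timedelta(minutes=window_min)
    oldest = now - timedelta(minutes=max_lag_min)
    times = sorted(parse_iso(e["eventTime"]) for e in events
                   if is_failed_login(e) and parse_iso(e["receivedTime"]) <= now)
    for t in times:
        if t < oldest:
            continue
        n = sum(1 for u in times if t <= u <= t + window)
        if n > threshold:
            return t, n
    return None


if __name__ == "__main__":
    for when in ("2024-01-01T12:01:00Z", "2024-01-01T12:09:00Z", "2024-01-01T12:30:00Z"):
        now = parse_iso(when)
        print(when,
              "fixed 1 min:", fixed_lookback_alert(SAMPLE_EVENTS, now, 1),
              "fixed 15 min:", fixed_lookback_alert(SAMPLE_EVENTS, now, 15),
              "event-time:", event_time_alert(SAMPLE_EVENTS, now))
```

At 12:01 nothing has arrived yet, so neither rule can fire; at 12:09 the fixed 1-minute lookback still sees nothing because the events are stamped 12:00, the fixed 15-minute lookback fires (matching the behaviour the post reports), and the event-time rule reports a burst of 4 starting at 12:00:05. At 12:30 the event-time rule is silent again because the burst is older than the lag allowance. The design point is to treat the lookback (the post's Interval) and the burst window as two separate parameters rather than one.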