1. Describe your incident:
Hi, I’m currently monitoring about ~500 devices’ logs (mostly Windows OS), and I find it really hard to keep track of every single device at once. I’ve been reading every post about creating an alert whenever a source receives no logs, but those didn’t work for me, as I want a specific alert like “Computer x received no log within y minutes”. Looking forward to the right way to solve this, thanks.
2. Describe your environment:
OS Information: Windows 10, 11
Package Version: Graylog v4.3.7
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I have a similar version of this kind of alert to fire a notification when a stream is not receiving logs, but monitoring sources is a different concept and I’m still finding a way to make this possible.
4. How can the community help?
Help me brainstorm or discuss any idea that would work.
Yeah, I’ve seen this solution. I think it would be a nice alternative way using the card() function. However, if I use this I will have to make a list of all 500 machines… which is not what I’m aiming for. I would prefer knowing which machine is absent. Thanks for your reply, I will consider this later.
For 500 machines it would be worth it to script the creation of the alerts. You can do this with the REST API. When we put alerts in based on scripts, we mention this in the description, and we also have a script to delete them all again based on the description. If we update, we delete them all and implement the new list.
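A sketch of the scripted approach from the reply above, as an added example (not the poster's script and not Graylog's own code): it builds one "Computer x received no log within y minutes" event definition per host, tags each description with a marker, and plans a delete-by-marker-then-recreate refresh. The API-token basic-auth scheme and the X-Requested-By header are real Graylog conventions; the exact event-definition payload fields are assumed from Graylog 4.x and should be checked against your instance's API browser, and base_url, token and the stream id are placeholders.

```python
import base64
import json
import urllib.request

MARKER = "[scripted: source-silence]"  # tag in the description so scripted alerts can be found later

def build_definition(host, minutes, stream_id):
    """Payload for POST /api/events/definitions: count of source:<host> in the last <minutes> < 1 (assumed 4.x format)."""
    window_ms = minutes * 60 * 1000
    return {
        "title": f"Computer {host} received no log within {minutes} minutes",
        "description": f"{MARKER} host={host}",
        "priority": 2, "alert": True,
        "config": {
            "type": "aggregation-v1", "query": f"source:{host}", "streams": [stream_id],
            "group_by": [], "series": [{"id": "count", "function": "count", "field": None}],
            "conditions": {"expression": {"expr": "<",
                "left": {"expr": "number-ref", "ref": "count"},
                "right": {"expr": "number", "value": 1.0}}},
            "search_within_ms": window_ms, "execute_every_ms": window_ms},
        "field_spec": {}, "key_spec": [],
        "notification_settings": {"grace_period_ms": 0, "backlog_size": 0}, "notifications": []}

def scripted_ids(definitions):
    """IDs of existing definitions carrying MARKER: only these are touched by the bulk delete."""
    return [d["id"] for d in definitions if MARKER in d.get("description", "")]

def api_call(base_url, token, method, path, payload=None):
    """Authenticated JSON call; Graylog takes an API token as the basic-auth user with password 'token'."""
    auth = base64.b64encode(f"{token}:token".encode()).decode()
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(base_url + path, data=data, method=method, headers={
        "Authorization": f"Basic {auth}", "Content-Type": "application/json",
        "Accept": "application/json", "X-Requested-By": "source-silence-script"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"null")

def plan_refresh(existing, hosts, minutes, stream_id):
    """Pure delete-all-then-recreate plan: (ids_to_delete, payloads_to_create), reviewable before applying."""
    return scripted_ids(existing), [build_definition(h, minutes, stream_id) for h in hosts]

def apply_refresh(base_url, token, hosts, minutes, stream_id):
    """Fetch current definitions, delete the scripted ones, recreate from the host list (list key assumed)."""
    existing = api_call(base_url, token, "GET", "/api/events/definitions?per_page=1000")["event_definitions"]
    to_delete, to_create = plan_refresh(existing, hosts, minutes, stream_id)
    for def_id in to_delete:
        api_call(base_url, token, "DELETE", f"/api/events/definitions/{def_id}")
    for payload in to_create:
        api_call(base_url, token, "POST", "/api/events/definitions", payload)
    return len(to_delete), len(to_create)
```

Run plan_refresh against the output of GET /api/events/definitions first and inspect the plan; hand-made definitions without the marker are never deleted.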