Alert Wizard plugin for Graylog to manage the alert rules

Alert Wizard

Plugin 4.1.0

Alert Wizard plugin for Graylog to manage the alert rules

Alert Wizard Plugin for Graylog

Continuous Integration License GitHub Release

Alert Wizard plugin for Graylog to manage the alert rules

An alert wizard for configuring alert rules on Graylog.

Perfect for example to configure together and at the same time a stream, an alert condition and a logging alert notification.

Required Graylog version: see compatibility table below for required version

Required Graylog plugins:

Graylog and Plugins Version Compatibility

Wizard Plugin Version Graylog Version Logging Alert Plugin Version Aggregation Count Plugin Version Correlation Count Plugin Version
4.1.x 4.2.x 4.1.x 4.1.x 4.1.x
4.0.x 4.1.x 4.0.x 4.0.x 4.0.x
3.3.x 3.3.x 2.2.x 2.2.x 2.2.x
3.2.x 3.2.x 2.1.x 2.1.x 2.1.x
3.1.x 3.0.x 1.2.x 1.2.x 1.2.x
3.0.x 3.0.x 1.2.x 1.2.x 1.2.x
2.0.x 2.5.x 1.1.x 1.1.x 1.1.x
1.1.x 2.5.x 1.0.x 1.0.x 1.0.x
1.0.0 2.4.x 1.0.x 1.0.x 1.0.x

Upgrading to 3.2.0

Possible issues to Import alert rules from version 3.0.0 or 3.1.0:

  • The field “grace” (Now display in Graylog and the Wizard as “Execute search every”) have to be strictly greater than 0
  • The Log Body of the notification will not be imported, the default one in the general configuration of the plugin Logging Alert will be use, and have to follow the Notification format (Same as the Email Notification)

Upgrading to 3.0.0

WARNING : The REST API for the Wizard Configuration has changed.

Upgrading to 2.0.0

WARNING : With Wizard plugin in version 2.0.0 and higher you can’t import alert rules that have been exported from version 1.X.X.

Upgrading notice:

  1. Import your alert rules from version 1.X.X
  2. Upgrade to version 2.0.0
  3. Export your alert rules in the new format


Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.

Restart graylog-server and you are done.


Manage the alert rules

Create an alert rule

Use of lists

WARNING : The first time your create a rule with a list, the Wizard automatically create a lookup with cache and data adapter. But you must manually set up the authorization key with your login:password in base 64 for the data adapter.

The field “Name” should be filled by “Authorization”

The field “Value” should be filled by “Basic” followed by “user:password” in base64 for example “Basic TXlVc2Vy0k15UGFzc3dvcmQK” where TXlVc2Vy0k15UGFzc3dvcmQK is the result of “echo -n ‘MyUser:MyPassword’|base64”

Instead of a user and its password you can also use a token. Use the token’s value as username and use the word “token” as password. For example if the token’s value is supertoken1234567890: “echo -n ‘supertoken1234567890:token’|base64”

MyUser must be a user with admin rights


This project is using Maven 3 and requires Java 8 or higher.

  • Clone this repository.
  • Run mvn package to build a JAR file.
  • Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
  • Copy generated JAR file in target directory to your Graylog plugin directory.
  • Restart the Graylog.


This plugin is released under version 1 of the Server Side Public License (SSPL).

Don’t hesitate to contact me if you have any question about this plugin

Hi, frantz
I have a problem with Alert Wizard
please guide me
I have Graylog version 3.1

root@graylog-virtual-machine:/usr/share/graylog-server/plugin# ls

but not working … :slightly_frowning_face:

Hi bahram,
Wizard 3.0 is an old version, and regarding the compatibility array it seems we don’t have released a version compatible with Graylog v3.1:

Wizard Plugin Version Graylog Version
4.3.x 4.2.x
4.2.x 4.2.x
4.1.x 4.2.x
4.0.x 4.1.x
3.3.x 3.3.x
3.2.x 3.2.x
3.1.x 3.0.x
3.0.x 3.0.x
2.0.x 2.5.x
1.1.x 2.5.x
1.0.0 2.4.x