Alerting on trends - Graylog 3.2

coderamblings · May 11, 2020, 12:18pm

Hi All,

Is it possible to set alerts on trends? This post gives a nice example on trend analysis TREND ANALYSIS WITH GRAYLOG but with no hints on how to setup alerts on, say, sudden spike in incoming messages.
I initially thought that maybe the enterprise correlation engine would be required for that, but having watched https://www.graylog.org/videos/correlation-engin I’m not sure, seems the correlation thresholds are also just numbers, not relative values.

So… any recommended / feasible way on setting alerts when trends change?

Regards,
Mike

ps. I’m on Graylog 3.2.4+a407287 (AdoptOpenJDK 11.0.6 on Linux 5.3.0-40-generic) / Ubuntu 18.04.4 LTS; filebeat is the main source of data into Graylog.

jan · May 12, 2020, 3:55pm

I can think of this to be possible with the correlation engine. I have done only the notification yet when a log source went silence: https://support.graylog.com/help/en-us/13-alerts-notifications/53-content-pack-event-source-not-sending-logs

but it should be possible to make the same assumption to “if this is more than” …

coderamblings · May 14, 2020, 11:13am

Thank you Jan, I’ll have a look into this.

system · May 28, 2020, 11:13am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog alerts and notifications Graylog Central (peer support)	2	553	October 24, 2019
Alert notification setup assistance Graylog Central (peer support)	3	315	October 29, 2020
Graylog security alerting with Beats Graylog Central (peer support) filebeat-linux , alert	1	265	March 27, 2024
Question regarding notifications Graylog Central (peer support) alert	2	519	February 18, 2022
Graylog 3.2 alert when host drops off Graylog Central (peer support)	2	427	September 3, 2020

Alerting on trends - Graylog 3.2

Related topics