Hi all!
I need to create an alert when graylog doesn’t recive messajes like this time:
(i attach more images below)
can help me?
Thanks!
What is your setting for a time period to search for that event and how often are you searching that time period?
Unless you have specifically enabled leading wildcards, leave the search query blank to capture all things. I don’t have time to test right now but that is the first thing I see…
Hi @tmacgbay , thanks for answer and sorry for delay.
Like this? :
I read about this: Graylog Knowledge Base - Content Pack - Event Source Not Sending Logs , but I have the open source version, does it work?
Has the change made any difference? Do other notifications work? Paid version (or less than 5GB per day free license) allows you to sequence events for notifications - I don’t think you are doing that are you?
Hi @tmacgbay !
yes i has other notifications but none like this (inform about no logs detected).
The change dont make difference, because the system doesn’t fall dow yet (it is in production at this moment). Then i make the inverse notification, when the “count()” is greater than 1, but the notification doesn’t occurrs
There must be something I am missing to ask but I can’t think of it. I handle most of my alerts in the pipeline, mark it as an alert and send it to an alert stream that is watched and handled. Sorry I couldn’t be of more help. Maybe try rebuilding from scratch?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.