Alerts Based On Avg()

We monitor a certain field called RequestLatency. It’s stored in the database as a Long. We have graphs that show us the avg(RequestLatency). It shows us the average login latency and it works well to tell us if the system is healthy.

But now we need it to send an email to the Network Engineering team if the latency goes >2000 (milliseconds). Is it possible to trigger an Alert based on the avg() function? Over what period of time does the avg() function operate when used in an Alert?


Operating system information

CentOS Stream release 8

Package versions

  • Graylog 4.0.15
  • MongoDB 4.2.14
  • Elasticsearch 7.10.2


If I understand you correctly, a couple of members were asking for an alert based off an AVG in the forum. I haven’t seen it done yet.

Don’t know if you’ve seen this, but under Event Definitions/Aggregation this has a threshold number. Would this be something of what you wanted?

With the Enterprise version you do have an Event Condition; this is found here

Other than that, I have used other tools, like enabling Prometheus in the Graylog configuration file and installing Grafana, in which I set up alerts. This does allow me to execute an AVG on a stream, etc. Not sure if you want to go that route.

That’s all I have for ya, perhaps someone else here has a better idea.

Just as you use the avg(RequestLatency) to draw your graphs, you can use it in the alerts as @gsmith showed. You will need to change the mode to “Aggregation of results reaches a threshold” and then you will have the menu with the options from the post above.
If you want to distinguish the alerts for different machines, you can add the “group by” to do so.
