Hello
We have installed Graylog to use for capturing logs from our integration platform.
Our desire is to trigger an alert on a particular attribute (i.e. level = ERROR) in a log, and then see all the logs that are related to that log in an automated email (notification).
The context is that we add a unique value to a message as it passes through our integration platform, a correlation-id field.
This field is included in all logs related to that message as it passes between systems in our infrastructure.
What we are looking to do is
- trigger an alert based on condition ( i.e. level = ERROR )
- capture the value in the correlation-id field
- populate the backlog with all logs that have the same correlation-id
- create a notification using backlog, which now has all log messages corresponding to the triggering message
I can’t seem to find a way to make this work, either by searching for just those messages as described above, or alternatively choosing a large backlog (100+) and then filtering out logs which are not desired (i.e. different correlation-id value).
Can someone please tell me
- if what we are looking for is achievable?
- if the way that needs to be achieved is by creating a plugin, or some other mechanism, can someone please point me in the right direction so that I can start to investigate how we can implement that functionality.
Thanks kindly
Damian
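An added example (not code from the original post or from Graylog) of the post-processing step the workflow above describes: take the triggering message and the backlog attached to the alert, keep only the messages that share its correlation id, build the follow-up Graylog search query, and flag when the backlog cap was hit so the set may be incomplete. The field name `correlation_id`, the message dict layout and the sample messages are assumptions.

```python
# Added example: filter a Graylog alert backlog down to one correlation id.
# Assumptions: the field is named "correlation_id" and each message is a dict
# with "timestamp", "level", "correlation_id" and "message" keys.
from typing import Dict, List, Optional


def graylog_query_for(correlation_id: str) -> str:
    """Search query for every message with this correlation id. Backslashes and
    double quotes in the value are escaped so it cannot break out of the term."""
    escaped = correlation_id.replace("\\", "\\\\").replace('"', '\\"')
    return f'correlation_id:"{escaped}"'


def correlated_backlog(trigger: Dict, backlog: List[Dict], backlog_limit: int) -> Dict:
    """Keep only backlog messages sharing the trigger's correlation id (oldest
    first, trigger always included). "truncated" is True when the backlog was
    full, i.e. related messages may be missing and the query should be re-run."""
    cid: Optional[str] = trigger.get("correlation_id")
    if not cid:
        # Nothing to correlate on: fall back to the trigger alone.
        return {"correlation_id": None, "messages": [trigger], "query": None, "truncated": False}
    kept = [m for m in backlog if m.get("correlation_id") == cid]
    if trigger not in kept:
        kept.append(trigger)
    kept.sort(key=lambda m: m["timestamp"])
    return {"correlation_id": cid, "messages": kept,
            "query": graylog_query_for(cid), "truncated": len(backlog) >= backlog_limit}


def render_email(result: Dict) -> str:
    """Plain-text notification body listing the correlated messages."""
    lines = [f"Correlated messages for {result['correlation_id']}:"]
    lines += [f"{m['timestamp']} {m['level']:5} {m['message']}" for m in result["messages"]]
    if result["truncated"]:
        lines.append(f"Backlog limit reached; run {result['query']} for the full set.")
    return "\n".join(lines)


# Constructed sample data: one ERROR trigger and the backlog Graylog attached.
TRIGGER = {"timestamp": "2023-05-01T10:00:05Z", "level": "ERROR",
           "correlation_id": "abc-123", "message": "order export failed"}
BACKLOG = [
    {"timestamp": "2023-05-01T10:00:01Z", "level": "INFO", "correlation_id": "abc-123", "message": "order received"},
    {"timestamp": "2023-05-01T10:00:02Z", "level": "INFO", "correlation_id": "xyz-999", "message": "order received"},
    {"timestamp": "2023-05-01T10:00:03Z", "level": "INFO", "correlation_id": "abc-123", "message": "order validated"},
    {"timestamp": "2023-05-01T10:00:04Z", "level": "WARN", "correlation_id": "xyz-999", "message": "slow response"},
    TRIGGER,
]

if __name__ == "__main__":
    print(render_email(correlated_backlog(TRIGGER, BACKLOG, backlog_limit=100)))
```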