Hello,
can I use the content alert condition on a float field, like time_request?
I want to get an alert if time_request is greater than 60 (seconds).
Right now it does not work:
Field: time_request
Value: >60
Thanks in advance,
Dietmar
Graylog 2.4.4
The alert conditions in Graylog are evaluated in a specific interval for a given time range.
This means, that they don’t work on single messages, but on all messages in that time range.
You could probably build a Field Aggregation Alert condition which checks the maximum value of the “time_request” field over a given time range:
Hello,
thanks for the hint. I will check it out and let you know what’s the result.
Dietmar
Hello Jochen,
great, it works!
Next question:
How can I add the exact message that triggered the alert into the resulting alert mail?
Wiht backlog I got some mails which are too late, that is, the actual triggering message is not in the backlog.
Thanks in advance,
Dietmar
As I mentioned before, there are always multiple messages in an alert.
