Corelations in Graylog

mfzhsn · July 6, 2020, 5:44pm

Hi Team,

Would like to know about the correlations, I have two different messages from the same stream coming into Graylog ES.
First Message has CPU info and the second has Memory Information. I want to apply rules from both messages and derive if the status of VM is good (logic is CPU and Memory < 75% is good as an example )

Is there a way to do this ? Using Pipelines ?

Example: for CPU and Memory:

75>cpu>90=1- yellow
90 > cpu =2 - red
else=0 - green

jan · July 14, 2020, 2:27pm

such would be possible with alerting and the correlation engine.

mfzhsn · July 14, 2020, 3:36pm

thanks jan, Do I have to get Enterprise version to get correlation Engine ?

jan · July 15, 2020, 10:29am

yes, that is right. You need to have the Enterprise Plugins.

system · July 29, 2020, 10:34am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.