Correlation rules original messages

tomer_il · November 5, 2019, 11:02am

Hi

I’m using Graylog V3.1.2 with an enterprise plugin.

I created a correlation rule that triggers alert whenever two events occur.

When I’m looking at the “All events” stream and find the correlation event in the origin_context property I’m getting only the last event that triggered this rule.

I have the same problem with aggregation rules that I’m not getting the origin_context for them.

Is there a way to see all original events that triggered the correlation rule or aggregation rules?

Thank you.

tomer_il · November 7, 2019, 10:00am

Maybe be there’s a way to create elastic search query the is equivalent to an aggregative/correlative Graylog rule?

system · November 21, 2019, 10:00am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help understanding Event Correlation Graylog Central (peer support)	5	1341	April 29, 2020
Backlog - finding related logs Graylog Central (peer support)	3	1745	August 7, 2017
Event Defenistion on two results Graylog Central (peer support)	4	262	May 1, 2023
Advanced Searches - Graylog Graylog Central (peer support)	1	521	November 15, 2017
Corellating log messages Graylog Central (peer support)	2	398	March 28, 2018

Correlation rules original messages

Related Topics