Detect when an input is not receiving messages

T1000-Cyberd · June 21, 2022, 11:03am

Is there any way to monitor inputs if they are receiving messages or not, and alert when an input stops receiving messages?

tmacgbay · June 21, 2022, 8:19pm

I think you can set an aggregation where count() == 0 over x time to fire off an alert. I haven’t done it’s worth testing (can’t test at the moment)

gsmith · June 22, 2022, 10:11pm

Hello @T1000-Cyberd

Adding on to @tmacgbay statement.

Yes, use metrics.

T1000-Cyberd · June 23, 2022, 1:30pm

[quote=“gsmith, post:3, topic:24406”]
es, use metrics.
[/quote]I know but i wanted an automated way to alert when an input stops receiving messages in a certain amount of time. Will try the aggregation.

T1000-Cyberd · June 23, 2022, 1:36pm

It Works great, only for one stream. I need to create rules for all the streams separetely then.

tmacgbay · June 23, 2022, 6:49pm

Yea - alerts as described tend to be set up for one alert per event type - I bent mine a bit to allow events and their alerts to be covered by as few Definitions and notifications as possible.

system · July 7, 2022, 6:49pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send mail when Log Input stops Graylog Central (peer support) alert	2	175	November 6, 2023
Events based on NOT receiving a message Graylog Central (peer support)	2	920	July 8, 2021
How to setup alerts when stream has not received log for a period of time Graylog Central (peer support)	2	1112	August 9, 2018
GrayLog 5 and Alerts Graylog Central (peer support)	3	256	June 30, 2023
Alerting/Notification when certain sources are not reporting Graylog Central (peer support)	9	3047	April 22, 2021

Detect when an input is not receiving messages

Related Topics