Hello guys,
Could someone please help me with my problem? I hope you understand my situation.
Let’s say I get a log file into Graylog, which has three fields, for example: Operation: "Add", Start: "Timestamp", and End: "Timestamp" (the downtime of an event).
I just want to write the information into my Dynamic Lookup Table. Then I get another log file, which just has a timestamp.
I want to access the Dynamic Lookup Table to check if the current timestamp I have is within the interval of the start and end downtime.
If it is, nothing should happen, but if it is outside the interval, I should send out a notification.
(The timestamps in the screenshots are just examples; I want to know how I can use operators like <= or > because I keep getting errors in the Graylog rules.)
How should I implement this? I have to use MongoDB for “Data Adapters,” right? And what would the rules look like? How can I access the DLT and take the timestamp out of the DLT to compare the timestamp interval with mine?
How is it possible to compare timestamps, because I could not find or use comparison operators in the Graylog rules?
2. Describe your environment:
- OS Information: Windows
- Package Version: 6.0.3
- Service logs, configurations, and environment variables: The screenshots I provided show my current progress
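One way to express the check described in this post as a Graylog pipeline rule (added example, not from the original post or from Graylog's own documentation). It assumes a lookup table named `downtime_dlt` whose keys `Add_start` and `Add_end` hold ISO-style timestamp strings, an incoming message field `event_timestamp`, and that the pipeline rule language compares two DateTime values with `<` / `>=` the way it compares numbers; a separate event definition would then alert on `in_downtime_window:false`.

```graylog
// Added example: flag messages whose timestamp falls outside the downtime
// window stored in a lookup table. Table name, key names and field names
// are assumptions for this illustration.
rule "check event timestamp against downtime window"
when
  has_field("event_timestamp")
then
  // Read start/end of the window from the lookup table (strings).
  let start_raw = lookup_value("downtime_dlt", "Add_start");
  let end_raw   = lookup_value("downtime_dlt", "Add_end");

  // Convert all three values to DateTime so they can be compared.
  let fmt   = "yyyy-MM-dd'T'HH:mm:ss";
  let start = parse_date(value: to_string(start_raw), pattern: fmt, timezone: "UTC");
  let end   = parse_date(value: to_string(end_raw), pattern: fmt, timezone: "UTC");
  let ts    = parse_date(value: to_string($message.event_timestamp), pattern: fmt, timezone: "UTC");

  // true when the event lies inside [start, end], false otherwise.
  let in_window = ts >= start && ts <= end;
  set_field("in_downtime_window", in_window);
end
```

The rule only annotates the message; routing or notification is then done by an event definition or stream rule that matches `in_downtime_window:false`, which keeps the comparison logic in one place.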