Hi,i want to configure an alert from filebeat, when the alert is triggered an email is sent
with the error and some lines (10/20 rows) after that.
How can i do that?
he @IIdikII
as you can specify “lines” you use fields - means you first work on your log to split the informations you need/want into separate fields and if that is given you can refer them in the email that is send out.
Thank you jan!
Just to better explain my question,i want an email like this:
— [Event Definition] ---------------------------
Title: Test
Description:
Type: aggregation-v1
— [Event] --------------------------------------
event
— [Backlog] ------------------------------------
Last messages accounting for this alert:
event before trigger
event before trigger
event triggered
event after trigger
event after trigger
Is it possible?
that is what you configure with “backlog” of messages.
I’ve already tried but backlog contains only messages that matches the definition,
is there a way to display all messages?
Thank you for your support!
ah you mean like “those messages came in x seconds before and after this” ?
Sorry such is not possible and it is very unlikely that this is implemented.
Thank you again jan, i think that the best solution is to check directly on graylog search interface
after receiving the mail.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.