Event definition dont match

Hugoo · October 8, 2025, 9:34am

Hi, I’m new to graylog, I’ve seen a lot of topics on the subject without any real solution for my case.

1. Describe your incident:
I’m trying to create an Event Definition that should trigger ‘*’. However, despite having matching logs in the stream, the event definition returns no results, no matches, no notification.

2. Describe your environment:

OS Information: RHEL 9.5
Package Version: Graylog 6.1.6

Configuration :

See the Replay search finding logs :

Last mateched : Never

3. What steps have you already taken to try and solve the problem?

I’ve verified that the logs are correctly parsed and indexed, and I can manually search for them using the same query.

4. How can the community help?
Maybe I made a mistake? Is this a bug? Is this the graylog version?

Thank for your help

frantz · October 9, 2025, 12:40pm

Your configuration should work. Did you check if there is an error in server.log ?

Hugoo · October 9, 2025, 12:58pm

I checked this morning, and without changing any configuration, alerts appeared as if by magic.

Maybe it took a while to process, like more than a day, I don't know...

Thanks for your reply!

Topic		Replies	Views
Event definitions not create alerts Graylog Central (peer support) alert	7	669	June 27, 2022
Graylog logs full of "Couldn't find event definition with ID" Graylog Central (peer support)	4	967	November 25, 2019
Event definition not sending alerts Graylog Central (peer support)	3	1417	February 21, 2021
Event Definitions - "Search within the last" unique matches Graylog Central (peer support)	3	995	October 18, 2019
Filter & aggregation > Filter issues Graylog Central (peer support)	4	1693	December 31, 2019

Event definition dont match

Related topics