Event definitions and alert if no logs graylog 3.2.5

michtab · June 10, 2020, 3:22pm

Hi !
I’ve about 30 sources for my graylog and i want to generate an alert if some sources no longer sends logs for a given period of time.

On my graylog it works if a create one stream and one event definition for each sources but i want to improve this way
Can I do the same with only one stream and one event definitions ?

I try on the “all messages” stream’s : search within the last 5 min, execute search every 5 min
If count(source) <= 0
but it doesn’t work, what i’m doing wrong ?

Lastly, how can I find the name of the sources that no longer send logs if there are no logs because the source is not sending logs. (This is for the email notification)

Regards

shoothub · June 11, 2020, 1:23pm

Check this:
https://support.graylog.com/help/en-us/13-alerts-notifications/53-content-pack-event-source-not-sending-logs

michtab · June 12, 2020, 8:45am

Ok thanks I’ll try this

system · June 26, 2020, 8:45am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Event definition help Graylog Central (peer support)	6	1007	July 8, 2020
Alerting/Notification when certain sources are not reporting Graylog Central (peer support)	9	3472	April 22, 2021
Events based on NOT receiving a message Graylog Central (peer support)	2	1009	July 8, 2021
Monitoring whether the source is sending logs Graylog Central (peer support) alert	3	208	December 22, 2023
GrayLog 6 - Source Alert Graylog Central (peer support) alert	6	124	July 5, 2024

Event definitions and alert if no logs graylog 3.2.5

Related topics