I’m trying to configure an Event Definition (Graylog 3.1.0) but I have a problem:
In “Filter & Aggregation”, I want to execute search every 1 minute over the last 15 minutes:
The problem is that every minute, Graylog triggers the Alert because “Filter has results”. How can I configure Graylog to trigger the alert only once per event? (I don’t want to re-detect the already matched events.)
That is not possible - as you have given the search window for 15 minutes, it will alert for all findings in that sliding window on a minute basis.
Because that is what you have configured.
I have the following use case:
Computers send logs with a delay, and the original timestamp is retained. If I search only in a one-minute range, I will miss events (logs can be generated “now” but uploaded only in 10 minutes).
Is there a way to take this situation into account with the events?
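Added example, not part of the thread and not Graylog code: a small Python simulation of the schedule discussed above (search every 1 minute over the last 15 minutes). It shows why each message is re-matched on every run, why a 1-minute window misses late-arriving logs, and how de-duplicating on a message ID outside the search yields one alert per message. The sample messages, the function name and the de-duplication step are assumptions made for illustration.

```python
# Simulation of a scheduled search with an overlapping time window.
# Nothing here is a Graylog API; all names and data are constructed.

# Constructed sample messages: (id, event timestamp, minute it reached the server)
MESSAGES = [
    ("m1", 3, 3),    # arrives immediately
    ("m2", 5, 15),   # generated at minute 5, uploaded 10 minutes later
]


def run_searches(messages, window, every, until, dedup=False):
    """Run a search every `every` minutes over the last `window` minutes.

    Returns {message_id: number of alerts raised for that message}.
    """
    alerts = {}
    seen = {}  # message id -> event timestamp, used only when dedup=True
    for now in range(every, until + 1, every):
        # Forget ids that can no longer fall inside the window (bounds memory).
        seen = {k: ts for k, ts in seen.items() if ts > now - window}
        for msg_id, ts, arrived in messages:
            indexed = arrived <= now              # already received by the server
            in_window = now - window < ts <= now  # original timestamp is retained
            if not (indexed and in_window):
                continue
            if dedup:
                if msg_id in seen:
                    continue                      # already alerted on this message
                seen[msg_id] = ts
            alerts[msg_id] = alerts.get(msg_id, 0) + 1
    return alerts


if __name__ == "__main__":
    # 15-minute window: every run re-matches whatever is still in the window.
    print("15 min window:        ", run_searches(MESSAGES, 15, 1, 40))
    # 1-minute window: no repeats, but the delayed message m2 is never matched.
    print("1 min window:         ", run_searches(MESSAGES, 1, 1, 40))
    # 15-minute window plus de-duplication on message id: one alert per message.
    print("15 min window + dedup:", run_searches(MESSAGES, 15, 1, 40, dedup=True))
```
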