Event Definitions Setup Help

monarch684 · April 26, 2023, 3:00pm

Describe your incident: Needing to create an event definition with an additional field for hostname
Describe your environment:

Redhat 8
Graylog v4.3.5

What steps have you already taken to try and solve the problem? I have setup a definition that works successfully, but when adding a custom field for Hostname, I get nothing.

I am using the following template

${source.hostname}

I am not sure if this is correct or not.

How can the community help? Point in the proper direction for Event Definitions Template information.

gsmith · April 27, 2023, 4:43am

Not sure if thats a template, perhaps if you can share what you configured would help.

monarch684 · April 27, 2023, 12:31pm

Does this help?

gsmith · April 27, 2023, 9:07pm

Thanks for the added info, What I did was the following for my Active directory.

Example:

This will show up Under alerts.

EDIT:
I also found this for ya, hopeit helps.

system · May 11, 2023, 9:08pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Events and custom fields Graylog Central (peer support)	13	7383	September 28, 2021
Not able to add custom field in events generated from the event definition Graylog Central (peer support)	2	1427	September 30, 2019
How to define custom field on Event Definition Graylog Central (peer support)	5	8457	June 17, 2020
Help using extracted fields in event definitions as custom field Graylog Central (peer support)	10	225	May 13, 2024
Event definitions Graylog Central (peer support)	6	436	March 6, 2023