[SOLVED] Event notifications not sending aggregated logs

1. Describe your incident:

we have defined an alert based on an event.
The filter we use yields several results and that is fine.
The notification tab is configured to have a “Grace Period = 0” and “Message Backlog = 50” (at least for now).
However, instead of getting 1 single email with a backlog of up to 50 error messages, I receive 1 email per message line… not cool.

2. Describe your environment:

  • OS Information: Ubuntu 20.04 LTS

  • Package Version: GL 4.3.9 + OpenSearch 1.3.3

  • Service logs, configurations, and environment variables:

image

3. What steps have you already taken to try and solve the problem?

I found several posts about the same subject but they weren’t answered:

and Search results for 'alert aggregation' - Graylog Community

4. How can the community help?

How do you guys make it work? :slight_smile:

Thanks!

There is a good explanation in one of the threads you listed:

This post Aggregating Events for Notification - #2 by Slair solved the issue.

Thanks all!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.