Get backlog from an alert

mdcastro-dc-uba-ar · August 23, 2019, 3:06pm

Hi.
I need to script some actions based on the content of some messages.
I have an alert condition set to trigger when there are more than X messages with the same IP. The backlog is set to 1.
¿Is there a way to get that IP value into my script?
I tried with the execalarmCallback plugin but it has no way of including the backlog message as a parameter.
Then I tried making requests to the API, but I can’t find any way to get the actual content of the messages or any of the extracted fields.

Sadly, I don’t know enough Java to write my own plugin or modify an existent one.

Thanks.

jan · August 25, 2019, 9:48am

What Graylog Version are we talking about?

system · September 8, 2019, 9:48am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alert Notifications Syntax, Relating to Backlog and Message Graylog Central (peer support)	1	752	December 24, 2018
Message count condition alerts with message content Graylog Central (peer support)	2	877	December 12, 2019
Message Backlog Graylog Central (peer support)	1	878	December 4, 2018
Alert - 1 Alert for timeframe Graylog Central (peer support)	1	293	October 6, 2020
Alert: logID + log content Graylog Central (peer support)	2	392	January 2, 2020

Get backlog from an alert

Related Topics