GrayLog Alert by Custom Field

I am a beginner with Graylog. I want to trigger an alarm based on a field value, e.g. @fields_serverity=“error”, like the picture below. How do I define it in the Template? Thanks.


Please use the Search query in the Filter & Aggregation section, not Fields. First check the docs to understand how it works:


Good morning, if I follow, you want to trigger an Event and then send a Notification when a device logs something with “error”.

Under Alerts, you would Create Event Definition. Then under Filter & Aggregation you would put in your Search Query to find what you’re looking for (make sure you get some results on the right-hand side). An example I have is:

“Low” AND ?x NOT “Cleared”

That will find anything with the word Low AND ?x (? is a single character wild card), but NOT the word Cleared.

Then the fields are

which are not used to search on, but to be referenced in my Email alert as {event.fields.Msg} and {event.fields.Src}

Thank you, Zach.


Thank you for your input. I can trigger an alert.

