Graylog Alert set_field to true or false if message in time range

I’m trying to create an alert that only sends if messages are received between 2:00PM and 6:30PM.
I’ve created this rule (some of my syntax might be incorrect, can ignore):

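rule "function is_trading"
when
  has_field("timestamp")
then
  // Minutes since midnight; hourOfDay and minuteOfHour are read from the timestamp as stored (UTC in Graylog)
  let msgTime = to_long($message.timestamp.hourOfDay) * 60 + to_long($message.timestamp.minuteOfHour);
  // "true" from 14:00 (840) up to but not including 18:30 (1110), otherwise "false"
  set_field("trading_hours", to_string(msgTime >= 840 && msgTime < 1110));
end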

Any thoughts on how to accomplish this would be much appreciated.

@jupiter23
Hello and Welcome,

I think this might be what you're looking for.
I use this for users that log in at a certain time. You probably can adjust it to fit your needs.

Hope that helps.

That’s great. Thank you, this is very helpful.
