Hello
In my current setup I get an email for every event with one single message.
Would it be possible to get one mail with all messages found matching the filter criteria?
In the filter & aggregation setup I search for a query within the last 24 hours and also execute the search every 24 hours.
The filter preview shows me 4 messages found.
In the notification tab I have set backlog to 50 messages.
Shouldn't the backlog feature iterate through all events found and include all messages in the mail?
This is my template:
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${event.timestamp}
Message: ${event.message}
Source: ${event.source}
Key: ${event.key}
Priority: ${event.priority}
Alert: ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start: ${event.timerange_start}
Timerange End: ${event.timerange_end}
Fields:
${foreach event.fields field} ${field.key}: ${field.value}
${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
${message}
${end}
${end}
Running Graylog 3.1.2