Graylog alerting - question

Hi,

Is it possible to use the same event definitions, but with different streams and different notifications?

For example,
I have already created 50 event definitions and I’m using them with a stream named “Company One” and with notifications named “Notifications for Company One”.
Now, I want to use those same 50 event definitions (without creating 50 new event definitions or duplicating the existing ones) but with another stream named “Company Two” and with notifications named “Notifications for Company Two”.

So, when there is a log notification from Company One, I will get an email named “Log Alert from Company One…”, and when there is a log notification from Company Two, I want to get an email named “Log Alert from Company Two…”.

Is this possible, or do I have to duplicate every event definition and then edit the duplicates?
Thanks!

You would make one alert that covers both streams, and then have the company name stored as a field in the message. You can then pull it as a custom event field and use it as a variable in the email template. You can also pull a value to use as the TO email address, but that one may be an enterprise-only feature, I can’t remember.

2 Likes
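
A sketch of the setup described in the reply above, added here as an illustration and not taken from the original posts. It assumes every message in both streams already carries a field called `company_name` (a hypothetical field name); the event definition title and other values are constructed.

```text
# 1. Event definition -> Filter & Aggregation
#    Streams: Company One, Company Two   (one definition covers both)

# 2. Event definition -> Fields -> Add Custom Field
Name:            company_name
Set Value From:  Template
Template:        ${source.company_name}

# 3. Email notification -> Subject
Log Alert from ${event.fields.company_name}: ${event_definition_title}

# 4. Email notification -> Body Template (excerpt)
Company:    ${event.fields.company_name}
Alert:      ${event_definition_title}
Timestamp:  ${event.timestamp}
Message:    ${event.message}
```

If the field is missing from a message, the subject renders with an empty company name, so it is worth checking that both streams populate it before relying on the subject line for triage.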
