GROUP BY FIELD Alert is not working

Hello, I want to see if a log was not sent to Graylog.

So I wrote a cron which writes a specific statement to syslog every 10 minutes.
Now I made an alert which sends a notification if this statement was not found in the query in the last minute.

This works…

BUT if I group by the field host name, no alert or notification is sent.

What did I do wrong?

@neophilipp
Hello,
I’m assuming this is Graylog 4.0?
Have you tried to set the Create Events for Definition like this?

What does your configuration setting on Notification Settings section look like?

Hope that helps

@gsmith Thx, but I don't understand why x=0 is not an event but x>0 is an event? Can you please tell me where I can find this in the docs?

Hello

It’s a math problem. By troubleshooting your issue, I would see if something works better for you than the configuration you have.

count = 0
If you have a message count equal to 0, send an alert.
count >= 0
If you have a message count equal to or greater than 0, send an alert.
count > 0
If you have a message count greater than 0, send an alert.

https://docs.graylog.org/en/4.0/pages/alerting/alerting-by-example.html#aggregation
