Graylog Community

Group by message data

Graylog Central (peer support)

getaffe (yunus) January 23, 2020, 7:46am 1

Hi all,

I have created a stream which store all error and exceptions comes fromsyslog. I want to group by errors according to error message

for example ı got this error 5 times in last 1 minutes. I want to group same type errors and create alert

how can ı do that ?

message
/home/logs/app.log,07:14:09,534 INFO - DeviceCmd::writeException::handled::appKey::xxx::iid::gT07Jklck::deviceId::8f2ecac6

jan (Jan Doberstein) January 23, 2020, 3:55pm 2

He @getaffe
as you did not share your Graylog version I assume you have the latest running. What you want to make is an aggregation on the message, that is part of the enterprise plugins for alerting.

Topic		Replies	Views	Activity
Message grouping Graylog Central (peer support)	2	1450	November 7, 2018
Count of each unique message text per backlog entry in event / notification? Graylog Central (peer support)	4	2315	June 17, 2021
To make alert based on frequeny of messages Graylog Central (peer support)	7	695	July 1, 2021
Backlog grouped into one event notification Graylog Central (peer support)	1	331	January 1, 2021
Automatic Segregation and Grouping of logs Graylog Central (peer support)	4	490	February 24, 2020