Graylog Community

Group by message data

Graylog Central (peer support)

getaffe (yunus) January 23, 2020, 7:46am 1

Hi all,

I have created a stream which store all error and exceptions comes fromsyslog. I want to group by errors according to error message

for example ı got this error 5 times in last 1 minutes. I want to group same type errors and create alert

how can ı do that ?

message
/home/logs/app.log,07:14:09,534 INFO - DeviceCmd::writeException::handled::appKey::xxx::iid::gT07Jklck::deviceId::8f2ecac6

jan (Jan Doberstein) January 23, 2020, 3:55pm 2

He @getaffe
as you did not share your Graylog version I assume you have the latest running. What you want to make is an aggregation on the message, that is part of the enterprise plugins for alerting.

system (system) Closed February 6, 2020, 3:55pm 3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Aggregating errors and alerting Graylog Central (peer support)	2	402	June 10, 2021
GROUP BY FIELD Alert does not working Graylog Central (peer support)	4	489	June 3, 2021
The corresponding request for each error response Graylog Central (peer support)	5	491	September 10, 2018
ALERT - Group by and Count Distinct Graylog Central (peer support)	6	1530	July 8, 2020
Limit backlog to alerts matching grouping condition Graylog Central (peer support)	3	897	September 18, 2019