Help me creating correct alert condition

Graylog Central (peer support)
1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I have my stream collect log for login
I want to create slack alert if any login attempt found with in last 1 min, every 1 min
(In other word, every one minute, I want to get notification if any login has attempted for the last one minute)

2. Describe your environment:

  • OS Information: ubuntu 20.04

  • Package Version: latest

  • Service logs, configurations, and environment variables:

3. How can the community help?
I setup like this

Screen Shot 2022-10-06 at 12.42.32 PM
Screen Shot 2022-10-06 at 12.42.32 PM1057×676 119 KB

and this is not working as I wanted.

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

2

Hello @ushiii111798

I have done this already. In your screenshot click “Aggregation of results reaches a threshold

And have the setting like so…

image
image1868×724 46.9 KB

Now if yo want, you can adjust Notification setting to have a grace period, with the amount of back logs you wish.

image
image1694×593 41 KB

Should be good,

What I showed was if any message hits your stream (i.e., API_BDSCC) , GREATER Then 0, alert. Notification settings states wait 1 second before alerting again.

hope that helps

3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.