I did set up Graylog (community edition) to monitor alarms. That works, no problem.
Then a dashboard shows a lot of messages and I would like to add a status to certain messages, like ‘further action needed’ etc. Eventually forward the event.
The IMHO strange thing is that I can only view the messages in the dashboard but not mark them for any action / give them a status and track them in another dashboard.
How should I do that!?
Is it really not possible!?
Is this function removed in the community edition!!?
Note that I am running the latest Graylog version (6.2.2).
I am talking about log messages as forwarded / collected by Graylog from any source. And of course the message itself should not be changeable.
However, adding a status and an action is something else, which is IMHO a very logical, even essential, function in every alarm/message monitoring system.
So I would be very surprised if that functionality is not available in Graylog. I would really expect that you can select a message and have an option to set a status and create an event.
I think you simply want to create an event telling you that there are a lot of logs (of some certain time). You might use the “Group by” function to split your alerts for some fields.
If you attach a Notification to your event, this will become an alert and tell you that there is something going on. If you hit the replay button on the event-page you will be redirected to a stream-view showing you the logs which triggered that event.