How to add an alerting for a source that is not sending logs to graylog

JitJos · March 15, 2024, 7:49am

1. Describe your incident:
I have seen several posts for this question but none of them really works for me.
I need to add an alerting for a source that is not sending logs to graylog. We have a large kubernetes environment with more than 1000+ nodes. So creating streams for each of these nodes is tedious. I also saw like a content pack for this but unfortunately that link is not working. (issue mentioned here )

Does any one help me to get a working solution for this ?

Here is my environemnt details
Graylog running on Kubenetetes
Graylog 3.0.1+de74b68 on (Oracle Corporation 1.8.0_212 on Linux 5.16.12-1.el7.elrepo.x86_64)

JitJos · March 22, 2024, 11:35am

Can anyone help me here ?

Joel_Duffield · March 22, 2024, 12:23pm

If you are using graylog open there are really only two options. Create an individual event for each source, make it an aggregation event of count <1. You could aldo make a single event that uses an aggregation to count the distinct sources but that would only tell you that some source isnt sending, not which one.

system · April 5, 2024, 12:24pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alerting/Notification when certain sources are not reporting Graylog Central (peer support)	9	3079	April 22, 2021
Alert when there is no logs from particular logsource Graylog Central (peer support)	6	490	September 24, 2019
Alert when certain source didn't receive logs within x minutes Graylog Central (peer support) alert	4	714	January 24, 2023
Alerts not working Graylog Central (peer support)	3	891	July 21, 2020
Alerts about not receiving messages Graylog Central (peer support)	9	734	March 15, 2021

How to add an alerting for a source that is not sending logs to graylog

Related Topics