How to add an alerting for a source that is not sending logs to graylog

JitJos · March 15, 2024, 7:49am

1. Describe your incident:
I have seen several posts for this question but none of them really works for me.
I need to add an alerting for a source that is not sending logs to graylog. We have a large kubernetes environment with more than 1000+ nodes. So creating streams for each of these nodes is tedious. I also saw like a content pack for this but unfortunately that link is not working. (issue mentioned here )

Does any one help me to get a working solution for this ?

Here is my environemnt details
Graylog running on Kubenetetes
Graylog 3.0.1+de74b68 on (Oracle Corporation 1.8.0_212 on Linux 5.16.12-1.el7.elrepo.x86_64)

JitJos · March 22, 2024, 11:35am

Can anyone help me here ?

Joel_Duffield · March 22, 2024, 12:23pm

If you are using graylog open there are really only two options. Create an individual event for each source, make it an aggregation event of count <1. You could aldo make a single event that uses an aggregation to count the distinct sources but that would only tell you that some source isnt sending, not which one.

Topic		Replies	Views
Alerting/Notification when certain sources are not reporting Graylog Central (peer support)	9	3637	April 22, 2021
Event definitions and alert if no logs graylog 3.2.5 Graylog Central (peer support)	3	1153	June 26, 2020
Alerts not working Graylog Central (peer support)	3	1000	July 21, 2020
Monitoring whether the source is sending logs Graylog Central (peer support) alert	3	250	December 22, 2023
Alert when certain source didn't receive logs within x minutes Graylog Central (peer support) alert	4	1015	January 24, 2023

How to add an alerting for a source that is not sending logs to graylog

Related topics