Hi,
We have implemented a Graylog server for Windows logs.
On the client side (Windows machines), logs are sent to Graylog using the nxlog client over GELF_UDP.
Graylog Server version is 6.
We want to configure the alert email in case there is a failed user login/password attempt (by using Windows Event ID 4625).
The alert is working and it is triggering the notification. The issue is that we want only selected fields of the alert to be included in the notification email. I tried to use the approach below.
It is sending the complete log.
Below is the configuration I am trying to use:
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
User: ${message.fields.TargetUserName}
${end}
${end}