I’m a beginner using Graylog.
I would like to ask for advice from many masters.
We are sending it to each person in charge by e-mail according to the alert rule.
Sometimes there are logs that generate the same alert during the service, and in some cases, these logs generate dozens of logs per minute.
The problem is that all alert mails generated in this way may be full of mailbox on the receiving side or may be recognized as attacks and blocked.
You can also simply set it as count()>=20 or the like in Aggregation settings.
However, I would like to receive such a large amount of the same alert mail once a minute and record how many times it has occurred in total.
For example, it’s as follows.
Message A has been received. This message was generated once a minute.
Message B has been received. This message was generated 30 times a minute.
I think there are some people who have the same concerns as me.
Please let me know what your solution was.
Thank you in advance for your answers.