I want to inform you of the same message you received for one minute only once and include the number of times in the content

I’m a beginner using Graylog.
I would like to ask for advice from many masters.

We are sending it to each person in charge by e-mail according to the alert rule.
Sometimes there are logs that generate the same alert during the service, and in some cases, these logs generate dozens of logs per minute.
The problem is that all the alert mails generated in this way may fill up the mailbox on the receiving side or may be recognized as an attack and blocked.
You can also simply set it as count()>=20 or the like in Aggregation settings.
However, I would like to receive such a large amount of the same alert mail once a minute and record how many times it has occurred in total.
For example, it’s as follows.
Message A has been received. This message was generated once a minute.
Message B has been received. This message was generated 30 times a minute.

I think there are some people who have the same concerns as me.
Please let me know what your solution was.

Thank you in advance for your answers.


Maybe try something like this.


Thanks so much for the reply gsmith.
Haven’t been able to test it yet with other tasks.
We will test it and let you know the confirmed result.

Have a nice day.


It worked fine the way you told me.
Thank you.
Have a nice day.

Nice 👍 it worked out.
