Issue with generating alarms for a single message

Dear All,

I have started using the Graylog recently with my syslog and need to configure an email alert for the occurrence of single message (even if a single message coming to the stream) from log stream. But alerting is not working for a single specific message when it appear on the input log stream. If there are more than 5-10 specific message which I am looking for is coming to the input stream then alert is working fine.

I am not sure how to get this done for a single pattern of a log to generate alarm.

Kindly help and please let me know if i need to provide some more details.

My config is
Time Range = 10
Threshold Type = more than
Threshold = 1
Grace Period = 5
Message Backlog = 10

you are looking for more than one message so 1 is not more than one …

Thanks Jan for helping me on this.

I have tried the following options as well, but still not able to generate an alarm for a single message.

Time Range = 1
Threshold Type = less than
Threshold = 1
Grace Period = 1
Message Backlog = 10

Sorry, My bad the following configuration worked.
Time Range = 1
Threshold Type = more than
Threshold = 0
Grace Period = 1
Message Backlog = 10

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.