I have started using Graylog recently with my syslog and need to configure an email alert for the occurrence of a single message (even if only a single message comes into the stream) from the log stream. But alerting is not working for a single specific message when it appears on the input log stream. If more than 5-10 of the specific messages I am looking for come into the input stream, then the alert works fine.
I am not sure how to get this done so that a single pattern of a log generates an alarm.
Kindly help, and please let me know if I need to provide some more details.
My config is:
Time Range = 10
Threshold Type = more than
Threshold = 1
Grace Period = 5
Message Backlog = 10