Limit backlog to alerts matching grouping condition

josha_ml · September 3, 2019, 8:21pm

Hello,

The addition of the grouping to alert conditions in 3.1 is a huge help! The only thing I am wondering if I am missing or overlooking, is there a way to have the notification that gets sent for an alert event include the backlog of messages that only match the grouped key or filter?

Currently it seems to include all of the messages that match the given search filter, not just those that also matched the aggregation condition to trigger the alert.

Thanks!
Josh

konrad · September 4, 2019, 7:44am

Hi @josha_ml,

No you are right. As it seems we do not separate the messages based on the grouping
key for the message backlog.

Could you please open a feature request on github with a detailed example?

Thank you!

Cheers,
Konrad

josha_ml · September 4, 2019, 8:05am

Done! #6381

https://github.com/Graylog2/graylog2-server/issues/6381

Thanks!

system · September 18, 2019, 8:05am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 3.1 Alert Notification using Event Definition with Aggregation Graylog Central (peer support)	15	2817	January 5, 2020
Alert - 1 Alert for timeframe Graylog Central (peer support)	1	322	October 6, 2020
Graylog Alert with multiple messages in one mail Graylog Central (peer support)	1	932	November 21, 2019
Graylog 3.1.4 Alert Backlog Issue Graylog Central (peer support)	2	453	November 25, 2020
Message count condition alerts with message content Graylog Central (peer support)	2	927	December 12, 2019

Limit backlog to alerts matching grouping condition

Related topics