Hey Graylog Community
We have a one-node Graylog setup with Docker.
Versions:
- graylog:3.2.2
- mongo:3
- elasticsearch-oss:6.8.5
Our environment has only 2 clients connected until now and our log rate is below 1 log/minute.
We have an alert set up, which should be triggered as soon as a critical error enters Graylog (search every minute for 1 minute).
The problem is that the event is only fired when there is another event after the critical one.
For now we solved the problem with a Random HTTP Message Input, but that’s not a “nice” solution, because every log is stored in Elasticsearch and overall it’s “messier”.
My questions are:
- Is there a way to delete Random HTTP Messages instantly without storing them in Elasticsearch?
- Is there another solution to solve this problem? Disabling journaling on 1 node isn’t the best idea, I think?
Thanks