Obtaining an aggregate rule field value in notification message

knightsg · August 13, 2018, 4:40pm

I set up an aggregate rule that sends notifications if the value of a particular field appears x number of times in a 1 minute interval. It works, but the message it sends out just includes the name of the rule as the alert description, ie. “The same value of field ‘example’ occurs 100 or more times in a 1 minute interval”.

This is not very useful as we have multiple apps that send to this stream, so I have to go to the stream and search for the source of the error manually. Is there a way to instead get the rule to include the value of the field as well?

Thanks,
Guy

jan · August 15, 2018, 8:14am

you should check if the plugin Maintainer is an active member of this community or use the written down support channels in the Readme.

system · August 29, 2018, 8:14am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 3.1 Alert Notification using Event Definition with Aggregation Graylog Central (peer support)	15	2455	January 5, 2020
Aggregation Alert with condition Graylog Central (peer support)	2	912	January 10, 2018
GrayLog Alert by Custom Field Graylog Central (peer support)	4	1847	February 5, 2021
Alerts on content by count Graylog Central (peer support)	6	2425	May 26, 2017
Alerts conditions for multiple field values Graylog Central (peer support)	1	1880	July 19, 2018

Obtaining an aggregate rule field value in notification message

Related Topics