Populate relevant messages in alert

dmuensterer · September 26, 2022, 6:14pm

1. Describe your incident:
I am looking for a way to find messages related to a triggered alert.
For simple alerts it might be easy to find but e.g. for a brute force alarm or more complex scenarios it would be great to be able to have a list with the referenced messages attached that caused the alert to trigger.
Is this possible?

3. What steps have you already taken to try and solve the problem?
I’ve had a look at adding field to events but couldn’t find a way to attach the relevant source information.

4. How can the community help?
Show or propose a way on how attaching source messages to events is possible.

tmacgbay · September 26, 2022, 7:57pm

If you are looking for the message/data the event fired off on, there is a whole section for that if you are looking for event correlation you need a license for that… which you can have for free if your data can stay under 2GB a day.

gsmith · September 27, 2022, 3:16am

Hello,
Adding on…

Not sure if your referring to Alerts section in the GUI or the Notification Email alert?
So here is both:

Example of GUI, This shows what’s wrong, from what source and count of that alert/s.

Modified the notification template with a link to the original message.

system · October 11, 2022, 3:17am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alert link to original message Graylog Central (peer support)	4	1514	July 31, 2020
Message URL in alert notification Graylog Central (peer support)	2	1658	August 16, 2017
Adding source message to Notification Graylog Central (peer support)	2	1959	December 6, 2019
How to view the message that generates an event for an event definition without alerts Graylog Central (peer support)	2	307	August 17, 2020
Email Alerts w/ Additional Information Graylog Central (peer support)	8	891	January 26, 2021

Populate relevant messages in alert

Related topics