I did not find it in the documentation or through an Internet search, and I want to ask you folks before I leave it unsolved.
Do you know if it is possible to add one more priority level on Alerts > Event Definitions > Create Event Definition > Priority?
I need this because at the moment I’m working with four priority/criticality ratings on my alerts.
Do you know if it’s possible to add more levels and maybe change the names, inside the Graylog interface itself?
I appreciate in advance any comments or tips.
Not sure if this is possible, but the idea deserves to be filed as a Feature Request in Graylog’s GitHub repo.
I will make one, so, thanks for the comment!
Out of curiosity, could you explain in greater detail why you need one more priority level on an alert?
The application’s events that I’m analyzing have certain situations that only three priority levels will not classify close to the real scenario, and for my work, the more accurate my classification is, the fewer false positives I will have and the more intelligent my alerts will be; this is my understanding at the moment.
Also, I’m working on a scoring system, because I have alerts that can be classified as high, but with three different levels of high. Why? Because this granularity will help me in the future to start working towards behavior detection, not just event triage.
If my explanation didn’t make sense, I can elaborate more.
OK, I see now.
And thank you for enlightening me on this aspect of priorities. Didn’t think of that.
All good, it was perfect, and thank you.
You could create a field in a pipeline from your message data that denotes your custom severity and you can work from that - an alternative while you wait for possible changes in Graylog…
Yes, I’m using this concept at the moment; I just wanted to validate with the community whether it was possible to add more priority levels.
Thank you very much guys for the help.