From the many posts about alerting I’m unable to find the best approach to:
Run an alert / check at 09:00 AM in the morning just once and send a notification if the query returned results.
Sleep for another 24 hours, and repeat.
I think I could do that with the alert “Search Within and Execute Search Every”. It would allow it to run every 24 hours and that would be sufficient, but how do I determine the start time for it?
Do I specifically enable the alert at a certain time (at 09:00AM in my case) and will it start counting to the next Execute Search interval specified, in this case 24h from when-I-enabled-it aka the next day again ± 09:00AM?
So do I create the notification and try some trial & error updating the schedular_job_definitions & schedule_triggers collections or what do I do to get it to run once, every 09:00AM?
Hi @jan, thanks for your reply. This requirement made me look at the API, I wasn’t aware Graylog had such a well executed API layer… I settled for a daily scheduled curl job to get what I’m after, pass the CSV into Gnuplot, inline replace the returned message _id’s with a direct query link to Graylog, and mail it as a report with manager-approved colouring and charts.
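Added example, not part of the thread and not the poster's script: a sketch of the post-processing step described above, which rewrites the `_id` column of the exported CSV into a search link and builds the mail only when the query returned rows. The base URL, the cron path, the sample rows, and the `_id:"…"` search-link form are assumptions.

```python
import csv
import io
from email.message import EmailMessage
from urllib.parse import quote

# Assumed base URL of the Graylog web interface (not from the thread).
GRAYLOG_UI = "https://graylog.example.org"
# Daily 09:00 run via cron; the script path is a placeholder:
#   0 9 * * * /usr/local/bin/graylog_daily_report.py

# Constructed sample of the CSV returned by the API call (not real log data).
SAMPLE = (
    "timestamp,source,message,_id\n"
    '2024-01-01T08:12:00.000Z,web01,"login failed, user=admin",aaaa-1111\n'
    "2024-01-01T08:40:00.000Z,web02,login failed,bbbb-2222\n"
)

def link_for(message_id, window_s=86400):
    """Search link for one message; the ID is log-derived, so URL-encode it."""
    q = quote('_id:"%s"' % message_id, safe="")
    return f"{GRAYLOG_UI}/search?q={q}&rangetype=relative&relative={window_s}"

def rewrite_ids(csv_text):
    """Return (header, rows) with the _id column replaced by a search link."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if not reader.fieldnames or "_id" not in reader.fieldnames:
        raise ValueError("export must include the _id field")
    rows = []
    for row in reader:
        row["_id"] = link_for(row["_id"])
        rows.append(row)
    return reader.fieldnames, rows

def build_report(csv_text, sender, recipient):
    """Build the report mail, or return None when the search matched nothing."""
    header, rows = rewrite_ids(csv_text)
    if not rows:
        return None  # no results: no notification is sent
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=header, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Graylog daily report: {len(rows)} matching messages"
    msg.set_content(out.getvalue())
    return msg

if __name__ == "__main__":
    print(build_report(SAMPLE, "graylog@example.org", "manager@example.org"))
```
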