I have a specific case where I need to create an alert which would scan some messages since the “present day” from midnight and not since the last day or last 24 hours.

Is it doable in Graylog by getting creative?

Do you think I can apply that to an alert in some way?

I’m not sure, sorry. But I’ll try to check that, unless somebody else really knows it.

So far, I didn’t figure anything out in this direction.
Maybe it would deserve a feature request?

I’m using this because, in one of my log files, I’m watching the cardinality of a field value, and it would be more relevant to have it only for the present day. Otherwise, it causes, in this specific case, human interpretation errors.

Maybe with a pipeline processor that splits the timestamp to check if it’s today. But this could only be a workaround. I think this could have a good chance for a feature request.

