Send all new messages in stream to alert stream


I have set up an HTTP Alarm Callback and am using a Message Count Alert Condition. My condition looks like:

Configuration: Alert is triggered when there are more than 0 messages in the last minute. Grace period: 0 minutes. Including last message in alert notification. Configured to repeat notifications.

With this rule, only one message gets sent as a notification; all the remaining new messages are missed. How can I make it send a notification for all new messages in the stream?

AFAIK you cannot do this with the current state of the Graylog alerting system. Graylog only considers alert conditions to be matched or not over a certain period of time (by default 60s). If you have multiple messages matching an alert condition in the same minute, only a single alert notification will be sent.

I see two options:

  1. Set the message backlog to a high number - this way, Graylog’s notification should include all the messages, and your notification endpoint (e.g. an HTTP server listening for webhooks) can take action for each individual message

  2. Give feedback to the Graylog team so they implement the possibility to have alert conditions trigger on individual messages 🙂
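
The receiving side of option 1, as an added example that is not part of the original posts or Graylog's own code: a webhook receiver that runs a handler once per backlog message and skips message ids it has already processed, since repeated notifications resend the same backlog. The `check_result.matching_messages` layout is an assumption based on the legacy HTTP Alarm Callback payload; the listen address, the `BacklogFanout` name and the sample messages are constructed.

```python
import json
from collections import OrderedDict
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 1 << 20  # refuse oversized posts
# Constructed sample body; the field layout is an assumption (see lead-in).
SAMPLE_BODY = json.dumps({"check_result": {"triggered": True, "matching_messages": [
    {"id": "msg-0001", "source": "web01", "message": "login failed for admin"},
    {"id": "msg-0002", "source": "web01", "message": "login failed for root"},
]}}).encode()

class BacklogFanout:
    """Run handle(msg) once per backlog message, skipping ids already seen."""
    def __init__(self, handle, max_seen=10000):
        self.handle, self.max_seen = handle, max_seen
        self.seen = OrderedDict()  # bounded record of processed message ids

    def process(self, body):
        result = json.loads(body).get("check_result") or {}
        handled = 0
        for msg in result.get("matching_messages") or []:
            msg_id = msg.get("id")
            if not msg_id or msg_id in self.seen:
                continue  # repeated notifications resend the same backlog
            self.seen[msg_id] = True
            if len(self.seen) > self.max_seen:
                self.seen.popitem(last=False)  # forget the oldest id
            self.handle(msg)
            handled += 1
        return handled

def make_handler(fanout):
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            try:
                length = int(self.headers.get("Content-Length") or 0)
                if not 0 < length <= MAX_BODY:
                    raise ValueError("missing or oversized body")
                fanout.process(self.rfile.read(length))
                self.send_response(204)
            except (ValueError, AttributeError, TypeError):
                self.send_response(400)  # not the JSON shape we expect
            self.end_headers()
    return Handler

if __name__ == "__main__":
    fanout = BacklogFanout(lambda m: print(m.get("source"), m.get("message")))
    HTTPServer(("127.0.0.1", 8080), make_handler(fanout)).serve_forever()
```

The backlog setting still caps how many messages each notification carries, so messages beyond that number in one interval never reach the receiver.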
