Send event notification if other event not found in 5 minutes

1. Describe your incident:
I have 2 event definitions set and each sends a different notification for PDU redundancy. One for when redundancy fails, and the other for when it is restored. Is there a good way to make it so that it only sends the notification for the redundancy failing if there is no notification for if the redundancy was restored within the last 5 minutes? I’m pretty new to Graylog so some of the configuration and syntax is pretty confusing for a noob.

2. Describe your environment:

  • OS Information: Ubuntu 20.04 with Docker running Graylog version 4.3.0

3. What steps have you already taken to try and solve the problem?
I looked to see if there was a way to correlate events together and had no luck. Also tried seeing if I could set any filter and aggregation settings to make this happen and was unsuccessful.

4. How can the community help?
Please explain if what I am looking to do is possible and the best practice to get it implemented in a reliable way.

Hello && Welcome @WarmEthernet

Correct me if I’m wrong: are you trying to set up redundancy for a notification alert in case one alert does not get sent?

Actually, that’s a good question. I personally have not configured a redundant notification setting.

Normally, if the mail service fails, redundancy doesn’t help. If the mail service is not failing but only for that one notification set, then I have a stream/alert on the mail service that there was a problem. This is on the sendmail, postfix, etc… service log file.

Sorry, I don’t have a direct answer, but to be honest I have not heard/seen of someone having this configuration. I’m curious how you’re going about it though.
