[SOLVED] Filter messages with "Event Severity: Critical" in Event Definition

nvitelli · August 30, 2021, 8:21am

Description of your problem

I would like to set an Event Condition as “Event Severity: Critical” but when I’m in the “Filter & Aggregation” tab and type that condition in the “Search Query” box there are no messages. (1)
1

Although if I search “event_severity: critical” in the main page (Search) and filter in the last 30 days actually there are messages. (2)
2

Description of steps you’ve taken to attempt to solve the issue

Alerts → Event Definitions → Edit → Filter & Aggregation → type “event_security: critical” in the Search Query input box

Environmental information

Operating system information

Windows

gsmith · August 30, 2021, 9:24pm

Hello && Welcome

It seams that the two screenshots are the same.
What I understand about your issue is that the field event_severity is populated, have you tried increasing “Search within the last” time frame?

also, are you using the right stream for the Filter & Aggregation?

nvitelli · August 31, 2021, 7:25am

Thank you, now it works

system · September 14, 2021, 7:25am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Event definition not sending alerts Graylog Central (peer support)	3	1213	February 21, 2021
Graylog 3.1 Alert Notification using Event Definition with Aggregation Graylog Central (peer support)	15	2455	January 5, 2020
Event definitions Graylog Central (peer support)	6	330	March 6, 2023
How to view Critical Events Graylog Central (peer support) sidecar , winlogbeat	3	845	March 24, 2020
Event definition help Graylog Central (peer support)	6	884	July 8, 2020

[SOLVED] Filter messages with "Event Severity: Critical" in Event Definition

Description of your problem

Description of steps you’ve taken to attempt to solve the issue

Environmental information

Operating system information

Related Topics