[SOLVED] Filter messages with "Event Severity: Critical" in Event Definition

nvitelli · August 30, 2021, 8:21am

Description of your problem

I would like to set an Event Condition as “Event Severity: Critical” but when I’m in the “Filter & Aggregation” tab and type that condition in the “Search Query” box there are no messages. (1)
1

Although if I search “event_severity: critical” in the main page (Search) and filter in the last 30 days actually there are messages. (2)
2

Description of steps you’ve taken to attempt to solve the issue

Alerts → Event Definitions → Edit → Filter & Aggregation → type “event_security: critical” in the Search Query input box

Environmental information

Operating system information

Windows

gsmith · August 30, 2021, 9:24pm

Hello && Welcome

It seams that the two screenshots are the same.
What I understand about your issue is that the field event_severity is populated, have you tried increasing “Search within the last” time frame?

also, are you using the right stream for the Filter & Aggregation?

nvitelli · August 31, 2021, 7:25am

Thank you, now it works

system · September 14, 2021, 7:25am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error in event definition Graylog Central (peer support)	4	1820	January 4, 2020
Event definition not sending alerts Graylog Central (peer support)	3	1353	February 21, 2021
Graylog 3.1 Alert Notification using Event Definition with Aggregation Graylog Central (peer support)	15	2859	January 5, 2020
Graylog Alert Fields are not getting filled when using a Threshold Graylog Central (peer support)	11	175	August 1, 2024
Asking for explanation of the search field Graylog Central (peer support)	1	380	September 21, 2019

[SOLVED] Filter messages with "Event Severity: Critical" in Event Definition

Description of your problem

Description of steps you’ve taken to attempt to solve the issue

Environmental information

Operating system information

Related topics