I’m testing graylog. Actually I set a new stream with a two alerts, but with conditions. The first condition is with plugin “correlation” and the second condition is with “Count messages”. I’ve checked that is running with the first match condition (it doesn’t work always) only, the second condition it never works.
I’m having several issues with that.
Do you know if you has this situation? I mean that a stream can work with a one conditions only, I think that in base for my situation.
I think multiple alert conditions can be linked to the same stream.
Can you provide screenshots of your stream rules, alert conditions and some log samples ?
So some times for example the threshold doesn’t works fine. If the threshold is set for 3 (more than) , I don’t see the notificate like a bit to 6 o 7 times …if I set the threshold to 3 , the notification must alert on 4, must be that, no?.I think that can be or I feel that which the threshold is not working fine.
if you have a hit with 6 messages and one minute later you have 7 messages you will not get a new notification because it has not resolved once. Only the check in the box for repeated notifications will make you receive a message as long as the condition is true.
repeated notifications will notify every time the condition is true - if that is not choosen notification is only done once and than again when the condition is resolved and than is true again.
mmmmm, do you know if the notification can change something into the text or in the body the alert??? I say that because will be good dot of start for identifier different type of alerts, no?
