To make alert based on frequeny of messages

Hello everyone,

I have a scenario where I should make alert based on frequency of message into graylog by particular source.

For example if source sw1 make message of x in 10 minutes and in next 10 minutes if it makes x+30 message then graylog should create an alert.

Is anyone have idea how this can be achived please?

Thank you in advance for your reply

Hello,

I might be able to help.This may or may not work but might be able to give you an idea.

Create a stream called “SW1”.
Create a “Event Definition” for that stream.
Here is example of what I would do, but this can be achived different ways.

Set up you conditions

Then set your count


Or try something like this

And last set your Grace Period set for 10 minutes.

Maybe that will give you an idea, hope it helps.

Hello gsmith

Thank you very much fot your help I will try it out and check. If I have any questions during this I will post it in the same channel.

Thanks again

Have a great day

Hello,

I am not able to add multiple aggregation filter if I am using graylog 3.1.3 open source version.

Could anyone help me out.

Thank you in advance

Hello GSmith,

Could you please say me what version of graylog are you using and is a opensource?

Because in my graylog I could noy add more than one if condition.

Thank you in advance for your reply.

Have a great day

Hello,
Sorry for that late responce.
Im using Graylog -Version 4.0, MongoDb 4.2. and Elasticsearch 7.10.
Hope that helps

Hello,

Thank you very much for your reply

Have a great day

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.