To make alerts for login in specific time range

sai · June 17, 2021, 12:48pm

Hello everyone,

Iam trying to create alert for logins in specific time. For example if there is a login at 2:00 am then there should be an alert.

I have created pipeline code which extract only hour field from the timestamp and I tried to query between a time range for example message:“login success” AND hour: 12 TO 5.

But in search result I only see logs during 12 hour not the range from 12 to 5.

If anyone have solution to it please let me know.

thanks in advance

shoothub · June 21, 2021, 1:38pm

Do you use pipeline function which uses 24 hour format? Or do you use12 hours AM, PM?
Graylog support searching in numeric ranges using one of these syntaxes:

hour:[5 TO 12]
hour:{5 TO 12}
hour:(>=5 AND <12)

Check docs for better explanation:
https://docs.graylog.org/en/4.0/pages/searching/query_language.html

sai · June 21, 2021, 1:54pm

Hello shoothub,

Thank you very much for the reply, Yes I cretaed pipeline function which will see the time format I needed to check. I used pipeline funtion to split the timestamp and make query like you mentioned. it works.

Thanks again

have a great day

system · July 5, 2021, 1:54pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.