Troubles with alert

Sergei · March 22, 2021, 6:42am

Hello!

I have messages:

time: 10:00:00, session: 1, blocking-session: 2
time: 10:00:00, session: 3, blocking-session: 4
time: 10:00:00, session: 5, blocking-session: 6
time: 10:00:20, session: 1, blocking-session: 2
time: 10:00:20, session: 5, blocking-session: 6
time: 10:00:40, session: 7, blocking-session: 8

I want to alert every 20 seconds if were the same pairs (session + blocking-session).
In my case I want to see 2 message:

session: 1 blocking-session: 2.
session: 5 blocking-session: 6

How I should make event defenition?

dickinsonzach · March 22, 2021, 2:31pm

Good morning, are those messages received from a source? And if you receive them you want to trigger an alert?

You can start here:
https://docs.graylog.org/en/4.0/pages/alerts.html

You won’t be able to alert every 2 seconds. Best case is every minute, but that can be problematic as it may take more than a minute to parse you logs/inputs.

Thank you, Zach.

system · April 5, 2021, 2:31pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GrayLog 5 and Alerts Graylog Central (peer support)	3	253	June 30, 2023
Graylog alerting per unique message Graylog Central (peer support) pipeline-rules , route-to-streampl	3	821	November 1, 2017
Graylog Alerting issue Graylog Central (peer support)	1	297	March 6, 2019
Event Defintion - Alert Trigger - check if message is true in the last 10 minutes Graylog Central (peer support)	4	350	April 23, 2020
Alerts not being triggered for [ALL MSgs] Graylog Central (peer support)	7	2341	April 25, 2017

Troubles with alert

Related Topics