I am new to Graylog. I now have messages sent from a bunch of servers into Graylog, and the first use case I want to implement is monitoring my backups.

Every night I get logs that include the following fields:

backup_volume: this is the name of the volume being backed up; it normally has a descriptive name such as ldap_data
backup_status: 0 means all went OK and any other code means that there was an error, typically connectivity, disk space, etc. Errors will generate different error numbers.

In real life each backup_volume implies a different priority. For example, it is not the same if stage_data can't be backed up or billing_data cannot be backed up. So I would like to monitor the volumes themselves; I would like to get an alert like:

The backup for volume “billing_data” failed.

So, alerts should be created/followed up for each value in backup_volume and enter the alert state when backup_status is not 0.

Is it possible to do this with Graylog?

