I have several devices that report in at least once an hour through a generated log entry. How could I setup a way to find devices that haven’t been heard from in over an hour? Is a search query capable of this? Thanks!
he @LampKind
currently the only option is to write a script, that checks via API search how old the oldest entry of a single source is - and then maybe procude a log messages that you can alert on.
Upcoming versions of Graylog will have that function available.
You can create a stream that matches the criteria and alert if the message count is zero over a period that is relevant.
It’s tedious to setup per input if you’re like us that make use of dedicated inputs, but it works.
I’d love to easily be able to setup alerts if an input is no longer receiving data.
Thanks
2 Likes
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.