
Alert notification message

Open saurabhsinghiam opened this issue 2 years ago • 1 comments

I have implemented Graylog using Docker and am consuming data over UDP with some imported extractors. I have set up an alert where, if any count(SourceIP) >= 1000, it shows the specific IP and its count. In the search dashboard, after a replay search of this alert, it runs fine and highlights the IPs and the counts, but when I set up a notification I want to see the specific IPs that invoke the alert, the same as it shows in the search dashboard. So far I'm unable to achieve this; please help me with this. I have tried it with the message backlog but no luck.

  • Graylog Version: 5.2

saurabhsinghiam, Jan 14 '24 10:01

@saurabhsinghiam You should be able to extract the desired SourceIP from the backlog messages. Here is a lengthy discussion of that topic: https://community.graylog.org/t/problem-with-backlog-message/19083/16

Please be more specific: What do the event definition and notification look like exactly? How did you try to get the data from backlog? What was the result?

patrickmann, Jan 25 '24 16:01
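
Added example, not part of the thread and not Graylog's own code: one way to pull the `SourceIP` values out of a notification's backlog messages and tally them. It assumes the notification arrives as JSON with a top-level `backlog` list whose entries keep their extracted fields under `fields`; the payload, function names and IP addresses are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample payload (assumed layout: top-level "backlog", each entry
# with its extracted fields under "fields"). IPs are documentation ranges.
SAMPLE_PAYLOAD = json.dumps({
    "event_definition_title": "SourceIP count >= 1000",
    "event": {"message": "SourceIP count >= 1000"},
    "backlog": [
        {"message": "conn", "fields": {"SourceIP": "203.0.113.7"}},
        {"message": "conn", "fields": {"SourceIP": "203.0.113.7"}},
        {"message": "conn", "fields": {"SourceIP": "198.51.100.23"}},
        {"message": "extractor did not match", "fields": {}},
        {"message": "conn", "fields": {"SourceIP": "203.0.113.7"}},
    ],
})


def source_ips_from_backlog(payload_json, field="SourceIP"):
    """Count the values of `field` across one notification's backlog messages."""
    payload = json.loads(payload_json)
    counts = Counter()
    # The backlog is missing or empty when no backlog is configured.
    for msg in payload.get("backlog") or []:
        value = (msg.get("fields") or {}).get(field)
        if value:  # skip messages where the extractor produced no value
            counts[str(value)] += 1
    return counts


def render_summary(payload_json, field="SourceIP"):
    """Build the text block to place in the outgoing alert message."""
    counts = source_ips_from_backlog(payload_json, field)
    if not counts:
        return f"No {field} values in backlog (is the message backlog enabled?)"
    return "\n".join(
        f"{ip}: {n} backlog message(s)" for ip, n in counts.most_common()
    )


if __name__ == "__main__":
    print(render_summary(SAMPLE_PAYLOAD))
```

The tally covers only the messages included in the backlog, so it identifies which IPs triggered the alert but will not reproduce the aggregation's full count when the backlog is smaller than the threshold.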

No response from user for 2 months and issue unclear - closing this for now.

tellistone, Mar 13 '24 11:03