Hi Dennis, Please fins the below message received in mail.
from the below message it is clear that i have configured alert for stream id 53bc1a3e84aec89bccdcdec1 and i am gettnig message of stream id 53675b5c84ae332672daac1b I have replace some ips and files name with * in the below because it is from production : Field No_Of_AuditFiles had a max of 2.0 in the last 1 minutes with trigger condition higher than 1.0. (Current grace time: 1 minutes) ########## Date: 2014-07-08T16:56:38.923Z Stream ID: 53bc1a3e84aec89bccdcdec1 Stream title: Audit Batch Report Stream URL: http://172.17.***.***/streams/53bc1a3e84aec89bccdcdec1/messages?rangetype=absolute&from=2014-07-08T16:55:38.922Z&to=2014-07-08T16:56:38.922Z&q=* Stream rules: [StreamRuleImpl: <{_id=53bc1a4784aec89bccdcdecb, field=type, value=Policy_Server_auditreport, stream_id=53bc1a3e84aec89bccdcdec1, inverted=false, type=1}>] Alert triggered at: 2014-07-08T16:56:38.922Z Triggered condition: 184308b5-4338-41cb-bde3-3ad9f8ac881f:FIELD_VALUE={time: 1, field: No_Of_AuditFiles, check type: max, threshold_type: higher, threshold: 1.0, grace: 1}, stream:={53bc1a3e84aec89bccdcdec1: "Audit Batch Report"} ########## Last 5 relevant messages: ====================== << Message: a48af710-d76b-11e3-8fa3-005056bf545a >> timestamp: 2014-05-09T11:18:27.179Z source: ********************** client: 172.19.68.46 facility: IIS_Access_Log full_message: ************************************************************************* gl2_source_input: 53675b1184ae332672daabc9 gl2_source_node: 3fb35bb6-9691-487e-a8d9-bc5b48c4c1d5 level: 6 messagetimestamp: 09/May/2014:16:47:29 +0530 method: GET path: D:/******************************.log protocol: HTTP, 1.1 request: /***************************************************************************** responsecode: 401 responsesize: 372 streams: [53675b5c84ae332672daac1b] tags: pass_IIS type: IIS_Access_Log userid: - version: 1.0 message: ******************************************************************************* << Message: a48ccbd0-d76b-11e3-8fa3-005056bf545a >> timestamp: 2014-05-09T11:18:27.179Z source: **************** client: 172.20.144.129 facility: IIS_Access_Log full_message: ***************************************************************************** gl2_source_input: 53675b1184ae332672daabc9 gl2_source_node: 3fb35bb6-9691-487e-a8d9-bc5b48c4c1d5 level: 6 messagetimestamp: 09/May/2014:16:47:31 +0530 method: GET path: D:/************************* protocol: HTTP, 1.1 request: *************************************************************************************** responsecode: 302 responsesize: 2148 streams: [53675b5c84ae332672daac1b] tags: pass_IIS type: IIS_Access_Log userid: ******* version: 1.0 message: ******************************************************************************************* << Message: a48d8f20-d76b-11e3-8fa3-005056bf545a >> timestamp: 2014-05-09T11:18:27.194Z source: ***************** client: 172.***.***.*** facility: IIS_Access_Log full_message: ************************************************************************************** gl2_source_input: 53675b1184ae332672daabc9 gl2_source_node: 3fb35bb6-9691-487e-a8d9-bc5b48c4c1d5 level: 6 messagetimestamp: 09/May/2014:16:47:31 +0530 method: GET path: D:/******************.log protocol: HTTP, 1.1 request: ************** responsecode: 302 responsesize: 2148 streams: [53675b5c84ae332672daac1b] tags: pass_IIS type: IIS_Access_Log userid: ****************** version: 1.0 message: GET *************************************************** << Message: a48ddd40-d76b-11e3-8fa3-005056bf545a >> timestamp: 2014-05-09T11:18:27.194Z source: ************************** client: 172.19.144.45 facility: IIS_Access_Log full_message: ************************************************************************************ gl2_source_input: 53675b1184ae332672daabc9 gl2_source_node: 3fb35bb6-9691-487e-a8d9-bc5b48c4c1d5 level: 6 messagetimestamp: 09/May/2014:16:47:33 +0530 method: GET path: D:/*********************.log protocol: HTTP, 1.1 request: ***************************************************************************************** responsecode: 401 responsesize: 372 streams: [53675b5c84ae332672daac1b] tags: pass_IIS type: IIS_Access_Log userid: - version: 1.0 message: *********************************************************************************************** << Message: a492bf40-d76b-11e3-8fa3-005056bf545a >> timestamp: 2014-05-09T11:18:27.194Z source: ********************* client: 172.***.***.*** facility: IIS_Access_Log full_message: **************************************************************************************************** gl2_source_input: 53675b1184ae332672daabc9 gl2_source_node: 3fb35bb6-9691-487e-a8d9-bc5b48c4c1d5 level: 6 messagetimestamp: 09/May/2014:16:47:39 +0530 method: GET path: D:/************************.log protocol: HTTP, 1.1 request: ***************************************************************************************************** responsesize: 2148 streams: [53675b5c84ae332672daac1b] tags: pass_IIS type: IIS_Access_Log userid: *************** version: 1.0 message: *************************************************************************************** Regards, Ankit Mittal -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
