Tristan, Thanks for the reply, I'm just circling back to this project now.
The test email gets through just fine. I have tried matching the source exactly equal to the hostname and also that the source field exists. In both cases, when I test a log message that came in but did not alert, Graylog says the message matches the rule. The stream is started, yes.

My alert for the stream is set up as follows:

Message count condition: Trigger when there are more than 0 messages in the last 1 minutes, and then wait at least 0 minutes until triggering. When sending alert, include the last 1 messages of the stream for this alert condition.

-Mark
