Is there an easy way to set up alerts on a per device basis without setting up streams for every device in my infrastructure?
Here is my situation. I have over 200 switches deployed. I want to alert on any syslog level 1 events and then suppress for 12 hours any subsequent events of the same type from the same IP address. For example, we recently had a switch that had a bad power supply. Currently I have a stream set up to catch any Syslog level 1 events, send an SMTP alert and suppress any additional ones for 12 hours. If a level 1 event happens on a different device or a different event on the same device I won't get the alert since the stream is set for any level 1 events. Is there a way to set up the alerts to suppress based on IP address or on message field content?
