Because of a particular request for alerting, I have come up with a use case scenario that I would like to share.
The requirement is an alert that only triggers within a specific time frame. For example: if a user logs on to a server from 9:00 AM to 11:00 AM, alert me; after that time the alert is not necessary. I think having a time for when an alert could be triggered could add a lot of flexibility to Graylog.

Also, is there a way to alert if a field is equal to one of a list of values? Something like: if userid = "user01 or user02 or user03 or user04" and eventid = "1234 or 4321 or 9999"
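The rule described in the message above, written out as a stand-alone Python check. This is an added example, not part of the original message and not Graylog's own alerting code. Treating the 11:00 AM bound as exclusive, reading timestamps as local time, and the sample events themselves are assumptions made for illustration.

```python
from datetime import datetime, time

# Rule from the message: alert only between 9:00 AM and 11:00 AM, and only
# when userid and eventid each match one of a list of values.
WINDOW_START = time(9, 0)
WINDOW_END = time(11, 0)   # assumption: end bound is exclusive
USER_IDS = {"user01", "user02", "user03", "user04"}
EVENT_IDS = {"1234", "4321", "9999"}


def in_window(t, start, end):
    """True if time-of-day t is in [start, end); also handles windows that wrap midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # e.g. a 22:00 to 06:00 window


def should_alert(event):
    """Apply the time window first, then both field-membership checks."""
    ts = datetime.fromisoformat(event["timestamp"])  # assumption: local time
    return (
        in_window(ts.time(), WINDOW_START, WINDOW_END)
        and event.get("userid") in USER_IDS
        and event.get("eventid") in EVENT_IDS
    )


# Constructed sample events (hypothetical field names and values, not real log data).
SAMPLE_EVENTS = [
    {"timestamp": "2016-03-01T09:00:00", "userid": "user01", "eventid": "1234"},
    {"timestamp": "2016-03-01T10:59:59", "userid": "user04", "eventid": "9999"},
    {"timestamp": "2016-03-01T11:00:00", "userid": "user02", "eventid": "4321"},  # window closed
    {"timestamp": "2016-03-01T09:30:00", "userid": "user05", "eventid": "1234"},  # user not listed
    {"timestamp": "2016-03-01T09:30:00", "userid": "user03", "eventid": "5555"},  # event not listed
]


def alerts(events):
    """Return only the events that satisfy the whole rule."""
    return [e for e in events if should_alert(e)]


if __name__ == "__main__":
    for e in alerts(SAMPLE_EVENTS):
        print("ALERT", e["timestamp"], e["userid"], e["eventid"])
```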
