Hi Jochen,
Thank you for your reply.
I see. OK for the rules I bit understand now.
For the alert actually I want to get alert from message that has level 3
only. Is that possible to do so? or the way that I setup is incorrect?
I read the docs that alert have several conditions, but I'm not really
understand how to set it up:
- Message count condition
- Field value condition
- Field string value condition
I want to get the alert early rather that stare on the dashboard actually.
:D
The Stream rules that I created is receiving log msg from Windows Server.
On Monday, August 1, 2016 at 2:47:54 PM UTC+8, Jochen Schalanda wrote:
>
> Hi Arief,
>
> the stream with the rule you've described ("level must be exactly 3")
> should be fine.
>
> The alert condition you've created is wrong, as "level:3" is not a field
> (but "level" is). What exactly do you want to achieve with the alert
> condition?
>
> Cheers,
> Jochen
>
> On Monday, 1 August 2016 05:55:54 UTC+2, Arief Hydayat wrote:
>>
>> Dear all,
>>
>> I'm trying to get the *Error (level: 3)* log message only for now. So I
>> tried to create new stream with rules* level must match exactly 3*
>>
>>
>> and then, on the Manage Alerts I tried to setup new alert using Field
>> value condition something like below:
>>
>>
>> How do I can filtering the message that I need? Are all those steps that
>> I did is the proper way to do?
>>
>> Thanks a lot for your help guys.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/e66b9f2d-de3b-4209-bd3f-dcfbeb8fc734%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
