Hi Arief,
since you've already got a stream which only contains messages with level
== 3, you can simply create an alert condition in that stream to check for
messages in that stream over a given time frame, e.g. using a "Message
count condition" checking for more than 1 message in the last 5 minutes.
Cheers,
Jochen
On Monday, 1 August 2016 08:58:06 UTC+2, Arief Hydayat wrote:
>
> Hi Jochen,
>
> Thank you for your reply.
> I see. OK, I understand the rules a bit now.
>
> For the alert, I actually want to get alerts from messages that have level 3
> only. Is it possible to do so? Or is the way that I set it up incorrect?
>
> I read in the docs that alerts have several conditions, but I don't really
> understand how to set them up:
> - Message count condition
> - Field value condition
> - Field string value condition
>
> I want to get the alert early rather than stare at the dashboard, actually.
> :D
>
> The stream rule that I created is receiving log messages from Windows Server.
>
> On Monday, August 1, 2016 at 2:47:54 PM UTC+8, Jochen Schalanda wrote:
>>
>> Hi Arief,
>>
>> the stream with the rule you've described ("level must be exactly 3")
>> should be fine.
>>
>> The alert condition you've created is wrong, as "level:3" is not a field
>> (but "level" is). What exactly do you want to achieve with the alert
>> condition?
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 1 August 2016 05:55:54 UTC+2, Arief Hydayat wrote:
>>>
>>> Dear all,
>>>
>>> I'm trying to get the *Error (level: 3)* log messages only for now. So I
>>> tried to create a new stream with the rule *level must match exactly 3*.
>>>
>>>
>>> And then, on Manage Alerts, I tried to set up a new alert using a Field
>>> value condition, something like below:
>>>
>>>
>>> How can I filter the messages that I need? Are all the steps that
>>> I did the proper way to do it?
>>>
>>> Thanks a lot for your help guys.
>>>
>>
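The setup discussed in this thread (a stream rule "level must match exactly 3" plus a "Message count condition" for more than 1 message in the last 5 minutes), modelled as an added example that is not part of the original messages and is not Graylog's own code. The function names and the sample messages are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample messages, as parsed fields from a Windows Server input.
MESSAGES = [
    {"timestamp": datetime(2016, 8, 1, 6, 50, 0), "level": 3, "message": "Service terminated unexpectedly"},
    {"timestamp": datetime(2016, 8, 1, 6, 56, 30), "level": 3, "message": "Disk error on \\Device\\Harddisk0"},
    {"timestamp": datetime(2016, 8, 1, 6, 57, 0), "level": 4, "message": "Time service warning"},
    {"timestamp": datetime(2016, 8, 1, 6, 59, 10), "level": 3, "message": "Application crash"},
    {"timestamp": datetime(2016, 8, 1, 6, 59, 30), "level": 6, "message": "Logon succeeded"},
]


def stream_rule_matches(msg, field="level", value="3"):
    """Stream rule 'field must match exactly value' (compared as strings)."""
    return field in msg and str(msg[field]) == value


def route_to_stream(messages, field="level", value="3"):
    """Return only the messages the stream rule lets into the stream."""
    return [m for m in messages if stream_rule_matches(m, field, value)]


def field_values(stream, field):
    """Values a field-based condition would see; empty if no such field exists."""
    return [m[field] for m in stream if field in m]


def message_count_alert(stream, now, minutes=5, threshold=1):
    """Message count condition: more than `threshold` messages in the last `minutes`."""
    since = now - timedelta(minutes=minutes)
    recent = [m for m in stream if since < m["timestamp"] <= now]
    return len(recent) > threshold, len(recent)


if __name__ == "__main__":
    stream = route_to_stream(MESSAGES)
    now = datetime(2016, 8, 1, 7, 0, 0)
    # "level:3" is a search expression, not a field name, so nothing matches it.
    print("field 'level:3':", field_values(stream, "level:3"))
    print("field 'level':  ", field_values(stream, "level"))
    print("alert, count:   ", message_count_alert(stream, now))
```

Because the stream already contains only level 3 messages, the count condition needs no field reference at all.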