Hi Jochen,

OK, noted. Let me give it a try first. I created an alert:
Then after 5 minutes I received the email alert from Graylog:

##########
Alert Description: Stream had 500 messages in the last 5 minutes with trigger condition more than 1 messages. (Current grace time: 0 minutes)
Date: 2016-08-01T09:49:33.335Z
Stream ID: 578487e3df0096104a32a112
Stream title: Testing-Alert
Stream description: Set alert test
*Stream URL: http://graylog-test.net/streams/578487e3df0096104a32a112/messages?rangetype=absolute&from=2016-08-01T09:44:33.335Z&to=2016-08-01T09:49:33.335Z&q=**
Triggered condition: a1facab9-b979-40df-94da-60769a1f1bd2:MESSAGE_COUNT={time: 5, threshold_type: more, threshold: 1, grace: 0}, stream:={578487e3df0096104a32a112: "Testing-Alert"}
##########

<No backlog>

I click on the *Stream URL* and it gives me a list of the messages with *level:3* from various sources:

OK, this is what I want. So from here I can analyze the data for *level:3 message* only rather than query them in the search, right?
