I am also facing same issue, not sure if there is any solution to deal with it. Any thoughts?
Regards, Jay On Tuesday, April 12, 2016 at 11:13:31 PM UTC+5:30, David Rux wrote: > > Hey all, > > I have a stream that's set to send an email whenever an alert is triggered > that matches a channel. The email is received and all is well but graylog > seems to group a series of events together before sending the email. Is > there any way to change this? Basically I want an email whenever an event > matching the criteria hits that stream. One email per event. Does anyone > know if that's possible? My alert condition is as follows: > > Trigger alert when a message arrives that has the field > > > set to and > then wait at least minutes until triggering a new alert. (grace period) > When sending an alert, include the last messages of the stream evaluated > for this alert condition. > > I would have thought that a 0 minute grace period would do this but I > tested it and graylog lumped 4 backlog messages into the email where I > wanted 4 emails with one event in each. When I set the number of included > messages to 1, I only get one email with one alert and it seems to ignore > the other events that I triggered despite being logged on the dashboard. > > Thanks, > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/86fd3ae3-26e2-41cf-8f0b-bbaf1a6628f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
