Thanks. Looks promising for many things. I think this can do what I'm 
looking for since it is aggregating by source
  - Name: TooManyMessagesFromOneSource
  - Stream: syslog
  - Query: *
  - Field: message
  - Matches: more or equal
  - Number: 100,000
  - Interval: 60min
  - Email receivers: [email protected]

The current version 0.0.11 requires Graylog 2.0+.
Since my Prod one is still 1.3.2, checking if their prior versions like 0.0.7 
have it... I've built a 2.0.2 version but I have problems with getting SSL to 
work with a load balancer in front (with SSL passthrough). I'll try rebuilding 
it all with 2.1 and see if that works better. Also had issues with the 
Elasticsearch index directory disappearing each time Graylog did the 
rotating... not sure if it's a Graylog issue or an ES issue or something else. 

Thanks, 

On Thursday, September 8, 2016 at 8:07:00 AM UTC-4, Ben Scott wrote:
>
> Have you had a look at this plugin? 
>
> https://marketplace.graylog.org/addons/0d01a899-138a-4f77-a9e7-04be4cc5e190
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1d5e2836-4e22-4b59-89c1-c2da8a92ea51%40googlegroups.com.