Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Multiple Alerts not fired when Repeat Notifications enabled for multiple messages #3671

Closed mbom2004 closed 7 years ago

mbom2004 commented 7 years ago

Created a Field Content Alert condition with the Repeat Notifications box enabled to send a notification each time the condition is evaluated. However, when two separate messages in the same stream meet the condition within a small time window, only one notification is created.

Expected Behavior

With the Repeat Notifications option enabled, a separate alert should be sent each time the condition is met.

Context

We are creating one stream for data and firing alerts from this stream. There will be instances where multiple messages in a stream meet a condition within a short time period. It would be ideal to have the condition fire an alert each time a condition is met, regardless of time frame.

Your Environment

jalogisch commented 7 years ago

That time is controlled in your server.conf

https://github.com/Graylog2/graylog2-server/blob/2.2.2/misc/graylog.conf#L437-L439

Alarms are more like a scheduled search, not a wire on the stream that alarms on insert.

mbom2004 commented 7 years ago

We want to create separate alerts for each message that meets the condition within the alert_check_interval. So if our alert_check_interval is 10 seconds and 5 messages come in which meet a condition, we want 5 separate alerts created. Currently only 1 alert is created. Is this possible?

jalogisch commented 7 years ago

hej @mbom2004

That is not possible in the way you would like to have it. To get clarification on what is possible, you should probably re-read the documentation on alerts.

regards Jan

mbom2004 commented 7 years ago

Will do, thank you for the quick response.
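
A simplified model of the behaviour discussed in this thread, added here as an illustration and not Graylog code: a condition checked once per interval yields at most one alert per check, however many messages matched, while a per-message trigger yields one alert per match. The `Message` class, the `level` field, the function names and the sample timestamps are all constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class Message:
    ts: float     # seconds since start of the sample (constructed)
    fields: dict


# Constructed sample: five matching messages inside the first 10-second
# window, one non-matching message, and one match in the second window.
MESSAGES = [
    Message(1.0, {"level": "ERROR"}),
    Message(2.5, {"level": "ERROR"}),
    Message(3.0, {"level": "INFO"}),
    Message(4.2, {"level": "ERROR"}),
    Message(7.9, {"level": "ERROR"}),
    Message(9.1, {"level": "ERROR"}),
    Message(14.0, {"level": "ERROR"}),
]


def matches(msg):
    """Hypothetical field content condition: field 'level' equals 'ERROR'."""
    return msg.fields.get("level") == "ERROR"


def scheduled_alerts(messages, interval, end):
    """Model of a scheduled check: one evaluation per interval, at most one alert each."""
    alerts = []
    start = 0.0
    while start < end:
        stop = start + interval
        hits = [m for m in messages if start <= m.ts < stop and matches(m)]
        if hits:
            # Recording the hit count keeps the information a single alert would hide.
            alerts.append({"checked_at": stop, "matching_messages": len(hits)})
        start = stop
    return alerts


def per_message_alerts(messages):
    """Model of what the reporter asked for: one alert per matching message."""
    return [{"ts": m.ts} for m in messages if matches(m)]


if __name__ == "__main__":
    for alert in scheduled_alerts(MESSAGES, interval=10, end=20):
        print(alert)
    print(len(per_message_alerts(MESSAGES)), "per-message alerts")
```

When alert volume is used as a signal, count matching messages from the search results rather than from the number of notifications received.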