Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Alerts conditions based on content by count #3809

Closed joruro closed 7 years ago

joruro commented 7 years ago

Having alert conditions based on the repetition times of a value inside a field of a message would be a very useful feature.

Imagine the following use case:

Every time that a user creates a new post, I'm logging this action on graylog with a message that has the user_id. Now, I want to be able to receive an alert if the user with user_id X makes 10 posts in 1 minute.
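As an added illustration of the condition described above (not code from Graylog or from the Aggregates plugin), the following is a per-value sliding-window counter that evaluates each message as it arrives rather than re-querying the index on a schedule. The sample messages, the `grace_seconds` re-notification interval and the class and function names are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample stream (not taken from the issue): "post created" events
# with an extracted user_id field and a timestamp in seconds.
SAMPLE_MESSAGES = (
    [{"timestamp": 0.0 + i * 5, "user_id": "u1", "message": "post created"} for i in range(12)]
    + [{"timestamp": 3.0 + i * 20, "user_id": "u2", "message": "post created"} for i in range(4)]
)


class RepeatedValueCondition:
    """Fire when the same value of `field` is seen at least `threshold` times
    within any `window_seconds` span. State is kept per value, so the check is
    O(1) per message and needs no periodic search over stored messages."""

    def __init__(self, field, threshold, window_seconds, grace_seconds=0):
        self.field = field
        self.threshold = threshold
        self.window = window_seconds
        self.grace = grace_seconds            # assumed: minimum gap between alerts per value
        self._seen = defaultdict(deque)       # value -> timestamps still inside the window
        self._last_alert = {}                 # value -> timestamp of last alert for that value

    def feed(self, msg):
        """Process one message; return an alert dict if it crosses the threshold, else None."""
        value = msg.get(self.field)
        if value is None:                     # message lacks the field: nothing to count
            return None
        now = msg["timestamp"]
        q = self._seen[value]
        q.append(now)
        while q and now - q[0] > self.window: # drop observations older than the window
            q.popleft()
        if len(q) >= self.threshold:
            last = self._last_alert.get(value)
            if last is None or now - last >= self.grace:
                self._last_alert[value] = now
                return {"field": self.field, "value": value, "count": len(q), "at": now}
        return None


def evaluate(messages, field="user_id", threshold=10, window_seconds=60, grace_seconds=60):
    """Run the condition over a message list in timestamp order and collect alerts."""
    cond = RepeatedValueCondition(field, threshold, window_seconds, grace_seconds)
    ordered = sorted(messages, key=lambda m: m["timestamp"])
    return [alert for alert in map(cond.feed, ordered) if alert is not None]


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_MESSAGES):
        print(alert)
```

With the constructed stream, `u1` reaches 10 posts inside 60 seconds at t=45 and alerts once; the grace period suppresses the repeat notifications at t=50 and t=55 that a plain threshold check would emit, which is the "notification nightmare" of evaluating every minute without such suppression.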

sgmorale commented 7 years ago

After testing, the Aggregates plugin available on the marketplace made by cvtienhoven does work for this purpose, though it would be great to see it implemented within the alerts framework.

joruro commented 7 years ago

@sgmorale the problem with the aggregate plugin is that it can't process the logs in real time because it is based on periodic searches to the database instead of using streams. Moreover, it's more expensive performance wise.

Besides that, it does not send HTML alerts and that breaks a potential automated flow that you would want to implement.

sgmorale commented 7 years ago

@joruro, absolutely agreed. That's why it would be great to see it implemented within the alerts framework which has those features there already.

I was messing around with that plugin and having it evaluate every minute is a notification nightmare, and the alternative is just doing the interval evaluation which is not ideal.

Even so, it is a workaround, but it would greatly benefit from how the Graylog Alerts work.

dennisoelkers commented 7 years ago

This is a duplicate. Closing this in favor of #683.