SafeAF / enterprise-log-search-and-archive

Automatically exported from code.google.com/p/enterprise-log-search-and-archive

Are blank results emailed in alerts? #133

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Just a general question, but is it possible to set up an alert in ELSA so that, 
say, every hour the previous hour's worth of logs will have a query run on 
them, and if that query returns results then the alert will be emailed?

A possible use-case would be to send an alert if in the previous hour there 
were any Windows events with eventid 4625.
Is that possible with the alert system as it is now?

Original issue reported on code.google.com by i...@pingas.org on 3 May 2013 at 7:15

GoogleCodeExporter commented 8 years ago
Yes, absolutely.  Search for eventid:4625.  When the search finishes, click 
"Result Options" and "Alert..."  and choose an hour interval.

Original comment by mchol...@gmail.com on 3 May 2013 at 9:07
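The scheduled-search behaviour described in the answer (run a saved query over the previous interval, and send nothing when the result set is empty), as an added Python example. This is not ELSA's own code and does not use its query grammar: the `field:value` and bare-word matching below is a simplified stand-in, and the log records, hostnames and timestamps are constructed for the example.

```python
"""
Stand-alone illustration of a scheduled-search alert: every run looks at the
previous complete interval, applies the saved query, and produces an alert
only when the query returns at least one record.

Added example, not ELSA code. Query syntax is a simplified stand-in:
'field:value' terms must match a record field exactly, bare words must
appear in the message text, and all terms are ANDed together.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LogRecord:
    timestamp: datetime
    host: str
    eventid: int
    msg: str


def utc(iso: str) -> datetime:
    """Parse a naive ISO-8601 string and tag it as UTC."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


# Constructed sample records (hostnames, times and messages are made up).
# Event 4625 is a failed logon; 4624 is a successful one.
SAMPLE_LOGS: List[LogRecord] = [
    LogRecord(utc("2013-05-03T05:58:00"), "winsrv01", 4625, "An account failed to log on"),
    LogRecord(utc("2013-05-03T06:10:00"), "winsrv01", 4624, "An account was successfully logged on"),
    LogRecord(utc("2013-05-03T06:22:00"), "winsrv01", 4625, "An account failed to log on"),
    LogRecord(utc("2013-05-03T06:47:00"), "winsrv02", 4625, "An account failed to log on"),
    LogRecord(utc("2013-05-03T07:03:00"), "winsrv02", 4625, "An account failed to log on"),
]

HOUR = timedelta(hours=1)


def parse_query(query: str) -> Tuple[Dict[str, str], List[str]]:
    """Split a query into field:value terms and free-text words."""
    fields: Dict[str, str] = {}
    words: List[str] = []
    for term in query.split():
        if ":" in term:
            key, value = term.split(":", 1)
            fields[key] = value
        else:
            words.append(term.lower())
    return fields, words


def matches(rec: LogRecord, fields: Dict[str, str], words: List[str]) -> bool:
    """AND semantics: every field term and every word must match."""
    for key, value in fields.items():
        if not hasattr(rec, key) or str(getattr(rec, key)) != value:
            return False
    return all(word in rec.msg.lower() for word in words)


def previous_window(now: datetime, interval: timedelta) -> Tuple[datetime, datetime]:
    """Previous complete interval: [floor(now) - interval, floor(now))."""
    secs = interval.total_seconds()
    end_epoch = (now.timestamp() // secs) * secs
    end = datetime.fromtimestamp(end_epoch, tz=timezone.utc)
    return end - interval, end


def search(records: List[LogRecord], query: str, start: datetime, end: datetime) -> List[LogRecord]:
    """Run the query over records whose timestamp falls in [start, end)."""
    fields, words = parse_query(query)
    return [r for r in records if start <= r.timestamp < end and matches(r, fields, words)]


def run_scheduled_alert(records: List[LogRecord], query: str, now: datetime,
                        interval: timedelta = HOUR) -> Optional[dict]:
    """One scheduled run. Returns an alert payload, or None when there is nothing to send."""
    start, end = previous_window(now, interval)
    hits = search(records, query, start, end)
    if not hits:
        return None  # empty result set: no email goes out
    return {"query": query, "start": start, "end": end, "count": len(hits), "hits": hits}


if __name__ == "__main__":
    # Simulate the hourly job firing at 07:15, 08:15 and 09:15 UTC.
    for hour in (7, 8, 9):
        now = utc(f"2013-05-03T{hour:02d}:15:00")
        alert = run_scheduled_alert(SAMPLE_LOGS, "eventid:4625", now)
        if alert is None:
            print(f"{now:%H:%M}: no results in previous hour, no alert sent")
        else:
            print(f"{now:%H:%M}: {alert['count']} hit(s) in "
                  f"[{alert['start']:%H:%M}, {alert['end']:%H:%M}), alert sent")
```

The window is the previous complete interval rather than "now minus one hour", so a run that fires a few minutes late still covers exactly the same records as one that fires on time, and no record is counted twice or missed between consecutive runs.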