Can Graylog set up an alert that triggers on a # of messages PER HOSTNAME?

Question

I have a multi-tenant app, and I'd like to be able to have Graylog alert on things per tenant (essentially per hostname).

So for example, rather than just doing this (which would aggregate data across all tenants):

Alert when more than 10 messages in the last 60 minutes

I really want:

Alert when more than 10 messages FOR ANY GIVEN HOSTNAME VALUE in the last 60 minutes

I know I could set up an individual stream per host, but that seems... yucky. And time consuming given that it'd have to be done for each new customer we bring on board.

score 0 · Answer 1 · answered Oct 10 '17 at 10:22

0

As of Graylog 2.3.1, you would have to create a stream per host you want to monitor.

answered Oct 10 '17 at 10:22

joschi

21,387
3
47
50

Can Graylog set up an alert that triggers on a # of messages PER HOSTNAME?

1 Answers1