I’m using Graylog V3.1.2 with an enterprise plugin.
I created a correlation rule that triggers alert whenever two events occur.
When I’m looking at the “All events” stream and find the correlation event in the origin_context property I’m getting only the last event that triggered this rule.
I have the same problem with aggregation rules that I’m not getting the origin_context for them.
Is there a way to see all original events that triggered the correlation rule or aggregation rules?
Thank you.
