The other way to do this would be to output to something like Riemann, 
particularly if you have (like we do) a very large number of hosts and 
don't want to configure a stream for each host.

The other reason streams may be impractical is if you have hosts being 
configured to send to Graylog that you don't necessarily know about. In my 
case most data comes from a few general purpose Syslog servers and any 
newly provisioned servers are pointed at Syslog without my knowledge.

I'm trying to achieve a similar result in the other direction with Riemann 
at the moment, namely alerting on hosts that have a large spike in messages 
in certain circumstances.

Hope that helps.

Cheers, Pete

On Wednesday, 15 July 2015 23:43:35 UTC+10, Jochen Schalanda wrote:
>
> Hi Juan,
>
> you can create multiple streams with messages coming from a certain server 
> (by filtering by the source field), one for each server, and then add a 
> message count alert condition to send you a message if there are no 
> messages within a certain timeframe in that stream; see 
> http://docs.graylog.org/en/1.1/pages/streams.html for details.
>
> Cheers,
> Jochen
>
> On Wednesday, 15 July 2015 15:39:49 UTC+2, Juan Andres Ramirez wrote:
>>
>> Hello guys,
>>       Is it possible in any way?
>>       I need to create an alert when any server stops sending data for the last 
>> 20 minutes, for example.
>>
>> Thank you.
>>
>
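
The approach raised in the reply at the top of this thread (learning hosts from the message flow rather than configuring one stream per host), sketched as an added example that is not part of the thread and is neither Riemann nor Graylog configuration. The class name, the 7-day forget window and the sample host names are assumptions; the 20-minute threshold comes from the original question.

```python
from datetime import datetime, timedelta

class SilentHostDetector:
    """Learns hosts from each message's source field; flags ones that go quiet."""

    def __init__(self, silence=timedelta(minutes=20), forget=timedelta(days=7)):
        self.silence = silence   # gap after which a host counts as silent
        self.forget = forget     # gap after which a host is dropped (assumed decommissioned)
        self.last_seen = {}      # source -> timestamp of its newest message
        self.alerted = set()     # sources currently in the silent state

    def observe(self, source, ts):
        """Record one message. Returns True when it ends an open outage."""
        prev = self.last_seen.get(source)
        if prev is not None and ts <= prev:
            return False         # late or duplicate delivery: not evidence of recovery
        self.last_seen[source] = ts   # unknown hosts are enrolled on first sight
        if source in self.alerted:
            self.alerted.discard(source)
            return True
        return False

    def check(self, now):
        """Return hosts that newly crossed the silence threshold (one alert per outage)."""
        newly_silent = []
        for source, seen in list(self.last_seen.items()):
            gap = now - seen
            if gap >= self.forget:
                del self.last_seen[source]
                self.alerted.discard(source)
            elif gap >= self.silence and source not in self.alerted:
                self.alerted.add(source)
                newly_silent.append(source)
        return sorted(newly_silent)

def demo():
    t0 = datetime(2015, 7, 15, 13, 0)   # constructed sample data
    d = SilentHostDetector()
    events = [(0, "web01"), (0, "db01"), (5, "web01"), (12, "new-host"), (18, "web01")]
    for minute, src in events:
        d.observe(src, t0 + timedelta(minutes=minute))
    first = d.check(t0 + timedelta(minutes=21))    # db01 has been quiet for 21 minutes
    second = d.check(t0 + timedelta(minutes=33))   # new-host now quiet; db01 not repeated
    recovered = d.observe("db01", t0 + timedelta(minutes=34))
    return first, second, recovered

if __name__ == "__main__":
    print(demo())
```

Run `check` on a timer (for example once a minute) against the same clock the message timestamps use; a host that has never sent anything cannot be detected this way and still needs an inventory comparison.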
