graylog-plugin-alert-wizard

Ability to create rules with a Graylog query

Open frantz45 opened this issue 1 year ago • 1 comments

When we started this plugin, the only possibility to filter logs in an Event Definition was the Streams. But now Graylog can also use a query.

So when creating a rule with the Wizard, we could also be able to set a query in addition to optionally using Streams.

frantz45, Dec 15 '23 10:12

  • In the wizard, add a "Search Query" field which corresponds to the "Search Query" of the event definition
  • allow the creation of a rule where there is only a Search Query, but no conditions (in which case the Event Definition Streams should be empty)
  • allow the creation of a rule with only conditions, but no Search Query (like today)
  • allow the case where both are configured: the Event Definition Stream is connected to the Stream which carries the conditions

c8y3, Jan 03 '24 08:01

I confirm it's fixed in v6.1.0. Very cool feature, thank you.

frantz45, Dec 24 '24 09:12