Graylog - Event Definitions

We use five main event definitions to create alerts. You can add further event definitions or adjust the settings below depending on your needs.

1. Admin Panel Events

  • Condition Type: Filter & Aggregation
  • Streams: CDMP Admin Panel Only
  • Search within the last: 1 minutes
  • Execute search every: 1 minutes
  • Create Events for Definition if: Aggregation of results reaches a threshold
  • Rule: count() > 0
  • Notification: CDMP Admin Panel Error Alert Email
  • Notification / Grace Period: Unchecked
  • Notification / Message Backlog: Checked, 1

2. Level 2 Service Errors FATAL

  • Condition Type: Filter & Aggregation
  • Search Query: level:"2"
  • Streams: CDMP Services
  • Search within the last: 1 minutes
  • Execute search every: 1 minutes
  • Create Events for Definition if: Aggregation of results reaches a threshold
  • Rule: count() > 0
  • Notification: CDMP Service Error Alert Email - Level 2 FATAL
  • Notification / Grace Period: Unchecked
  • Notification / Message Backlog: Checked, 1

3. Level 3 Service Errors ERROR

  • Condition Type: Filter & Aggregation
  • Search Query: level:"3"
  • Streams: CDMP Services
  • Search within the last: 1 minutes
  • Execute search every: 1 minutes
  • Create Events for Definition if: Aggregation of results reaches a threshold
  • Rule: count() > 0
  • Notification: CDMP Service Error Alert Email - Level 3 ERROR
  • Notification / Grace Period: Unchecked
  • Notification / Message Backlog: Checked, 1

4. Level 4 Service Errors WARNING

  • Priority: Low
  • Condition Type: Filter & Aggregation
  • Search Query: level:"4"
  • Streams: CDMP Services
  • Search within the last: 1 minutes
  • Execute search every: 1 minutes
  • Create Events for Definition if: Aggregation of results reaches a threshold
  • Rule: count() > 0
  • Notification: CDMP Service Error Alert Email - Level 4 WARNING
  • Notification / Grace Period: Unchecked
  • Notification / Message Backlog: Checked, 1

5. Postgres DB Errors

  • Condition Type: Filter & Aggregation
  • Search Query: postgres_error:"1" AND NOT message: VACUUM AND message:"> ERROR" OR NOT message: "recovery is in progress"
  • Streams: CDMP Database Error Logs
  • Search within the last: 1 minutes
  • Execute search every: 1 minutes
  • Create Events for Definition if: Aggregation of results reaches a threshold
  • Rule: count() > 0
  • Notification: Email Postgres Errors
  • Notification / Grace Period: Unchecked
  • Notification / Message Backlog: Checked, 1
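The search query in the Postgres DB Errors definition mixes AND, NOT and OR without parentheses. Graylog search queries follow Lucene precedence, where AND binds tighter than OR, so the query is read as `(postgres_error:"1" AND NOT message:VACUUM AND message:"> ERROR") OR (NOT message:"recovery is in progress")`. The following Python is an added worked example, not part of the original definitions: it evaluates both that reading and a fully conjunctive variant over constructed sample records so the difference in what reaches `count() > 0` is visible. The conjunctive variant is offered only for comparison; whether it matches the author's intent is an assumption, and substring matching here stands in for Graylog's analyzed-field matching, which is a simplification.

```python
"""Precedence check for the Lucene-style query in the "Postgres DB Errors" event.

Lucene precedence: AND binds tighter than OR, so
    A AND NOT B AND C OR NOT D
is parsed as
    (A AND NOT B AND C) OR (NOT D)
Both readings are evaluated over constructed sample records below.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """Minimal stand-in for a Graylog message with the two fields the query uses."""
    postgres_error: str
    message: str


def has(rec: Record, phrase: str) -> bool:
    """Case-insensitive substring test; approximates a phrase match on an analyzed field."""
    return phrase.lower() in rec.message.lower()


def matches_as_written(rec: Record) -> bool:
    """postgres_error:"1" AND NOT message:VACUUM AND message:"> ERROR" OR NOT message:"recovery is in progress"

    Under Lucene precedence the OR splits this into two alternatives: the
    three-clause conjunction, or simply "message lacks the recovery phrase".
    """
    conj = rec.postgres_error == "1" and not has(rec, "VACUUM") and has(rec, "> ERROR")
    alt = not has(rec, "recovery is in progress")
    return conj or alt


def matches_all_conjunctive(rec: Record) -> bool:
    """Same clauses with the last one joined by AND instead of OR (assumed intent):
    postgres_error:"1" AND NOT message:VACUUM AND message:"> ERROR" AND NOT message:"recovery is in progress"
    """
    return (rec.postgres_error == "1"
            and not has(rec, "VACUUM")
            and has(rec, "> ERROR")
            and not has(rec, "recovery is in progress"))


# Constructed sample records, not real log output.
SAMPLES = [
    Record("1", '> ERROR:  relation "orders" does not exist'),   # genuine error
    Record("0", "LOG:  checkpoint complete: wrote 12 buffers"),  # routine log line
    Record("1", "> ERROR:  canceling autovacuum task VACUUM"),   # meant to be excluded by NOT VACUUM
    Record("1", "> ERROR:  recovery is in progress"),            # standby noise meant to be excluded
]


def matching_indices(evaluator, records=SAMPLES) -> list[int]:
    """Indices of records that would contribute to count() under the given reading."""
    return [i for i, rec in enumerate(records) if evaluator(rec)]


if __name__ == "__main__":
    print("as written      :", matching_indices(matches_as_written))
    print("all conjunctive :", matching_indices(matches_all_conjunctive))
```

Under the as-written reading every sample record matches, including the routine LOG line and the two messages the NOT clauses were meant to drop, so `count() > 0` would fire in any minute the stream receives almost any message. Running the query in the Graylog search page against the CDMP Database Error Logs stream, and adding parentheses where the grouping matters, is a cheap check before attaching the email notification.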