-
I am new to elastalert2. What I am trying to accomplish here is to send a summarized email for the day where I will show all error log messages if that particular log message occurs more than 10 times. I want to show the log message and the number of occurrences in a tabular view as email content. So far I have managed to send error logs with their aggregated count based on log message. Here is the rule file content.
However,
Replies: 1 comment 2 replies
-
To accomplish this:
You would change num_events to 10 and add
I could not find the total count. Instead, I have used the aggregation period to count the number of instances where num_events equals 10.