Hello
I want to generate an email report on our syslog once every 15 minutes listed down with the events on that time frame. I don't want an email for every syslog.
Sort of a Rollup email that includes whatever was seen in the last 15 minutes.
E.g.: if 1 syslog in the last 15 minutes, 1 email with those.
10 syslogs in the last 15 minutes, 1 email with those.
20 syslogs in the last 15 minutes, 1 email with those.
Thank you, any help much appreciated.
Create a search over the last 15 minutes. Save it as an alert. Schedule it to run every 15 minutes.
Set it so it sends one notification per run.
Awesome, thanks! I tested it out. Works really well.
I would like to get this report for multiple syslogs. I only did it for one (let's say host 'alpha'):
host = "alpha" 01070638
So let's say I have bravo, charlie, echo, etc. Do I use it as:
host = "alpha" 01070638 or host = "bravo" 01070638 or host = "charlie" 01070638... etc.?
OR should be capitalized and the number / numerical string "01070638" you're searching for only needs to be entered once.
Like this:
host=a OR host=b OR host=c 0123456789
Thanks again dude 🙂
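
The roll-up alert described in the answers above, written as a saved-search stanza. This is an added example, not posted by anyone in the thread. It assumes the platform is Splunk and the file is savedsearches.conf (the thread does not name the product); the stanza name and the recipient address are placeholders, while the hosts and the string 01070638 are taken from the question.

```ini
# Added example (assumption: Splunk savedsearches.conf).
# Stanza name and e-mail address are placeholders.
[syslog_01070638_rollup]

# One search for all hosts; the string only needs to appear once.
search = (host="alpha" OR host="bravo" OR host="charlie") 01070638

# Search the previous 15 minutes, snapped to the minute so that
# consecutive runs neither overlap nor leave a gap between windows.
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m

# Run every 15 minutes.
enableSched = 1
cron_schedule = */15 * * * *

# Trigger only when the window contains at least one event, so an
# empty window sends nothing.
counttype = number of events
relation = greater than
quantity = 0

# Digest mode: one notification per run covering all matching
# events, instead of one notification per event.
alert.digest_mode = 1
alert.track = 0

# Send the matching events inline in a single e-mail.
action.email = 1
action.email.to = secops@example.com
action.email.subject = Syslog roll-up: 01070638 events in the last 15 minutes
action.email.inline = 1
action.email.sendresults = 1
action.email.format = table
```

Because the window is tied to the schedule, a skipped or delayed run leaves those 15 minutes unreported, so it is worth monitoring the scheduler for skipped executions of this search.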