Sample alert for Graylog
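This is a snapshot of the entity as captured when an event occurs in Graylog.
The sample alert becomes available after you generate the webhook. Identifiers, IP addresses and host names in the sample below are masked with asterisks; a real alert carries the actual values.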
{
"event_definition_id": "***********************",
"event_definition_type": "aggregation-v1",
"event_definition_title": "Demo Event Definition",
"event_definition_description": "Demo Event Definition Description",
"job_definition_id": "***********************",
"job_trigger_id": "***********************",
"event": {
"id": "*************************",
"event_definition_type": "aggregation-v1",
"event_definition_id": "***********************",
"origin_context": "urn:graylog:message:es:testIndex_42:********-****-****-****-************",
"timestamp": "2022-06-28T05:02:30.472Z",
"timestamp_processing": "2022-06-28T05:02:30.472Z",
"timerange_start": null,
"timerange_end": null,
"streams": [],
"source_streams": [
"000000000000000000000001"
],
"message": "Demo Event Definition: ***.**.*.*** - count()=5.0",
"source": "ip-***-**-*-***.us-east-2.compute.internal",
"key_tuple": [
"***.**.*.***"
],
"key": "testkey",
"priority": 1,
"alert": true,
"fields": {
"source_ip": "***.**.*.***"
},
"group_by_fields": {
"source_ip": "***.**.*.***"
}
},
"backlog": []
}