Description
Proposal:
To extend the notebook functionality for alerting and to visualise syslogs inside InfluxDB 2, it would be helpful if the alerting functionality were extended to parse syslog strings and create an alert based on where the syslog message came from and whether it contains specific string content.
Current behavior:
When creating an alert from a syslog record, the "create alert" box shows the following options:
For: "syslog"
When: "message" Is: ["Equal to", "Not Equal To" etc.]
Check Every: [time]
Notification: [notification method]
Desired behavior:
Add some additional fields so that an alert can trigger if the message contains a specific string, OR if a message containing a specific string comes from a specific host.
Suggested fields to be added: ["Message Contains", "Message Equal To", "AppName Equals", "HostName Equals"]
For: "syslog"
When: "message" Is: ["Message Contains"] "pam_unix(systemd-user:session): session opened for user"
AND When: "message" Is: ["HostName Equals"] "example_host_1"
Check Every: [time]
Notification: [notification method]
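The proposed rule (message contains a string AND hostname equals a value) as executable detection logic run over a few syslog lines, added here as an illustration; this is not InfluxDB or Telegraf code. It assumes RFC 5424 input and the hostname/appname/message layout Telegraf's syslog input produces (hostname and appname as tags, message as the field); the log lines and rule names below are constructed for the example.

```python
"""Evaluate syslog alert rules of the kind proposed above over raw syslog lines.

Added example, not InfluxDB or Telegraf code. Assumes RFC 5424 syslog lines and
the field layout Telegraf's syslog input writes (hostname and appname as tags,
message as a field); the sample lines and rule names are constructed.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<message>.*))?$"
)

# A syslog record as the alert rule sees it (tags plus the message field).
Record = Dict[str, str]


def parse_line(line: str) -> Optional[Record]:
    """Parse one RFC 5424 line; return None for lines that do not match."""
    m = _RFC5424.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI is facility*8 + severity; the largest legal value is 23*8+7
        return None
    return {
        "hostname": m.group("hostname"),
        "appname": m.group("appname"),
        "facility": str(pri // 8),
        "severity": str(pri % 8),
        "message": m.group("message") or "",
    }


# The operators proposed in this issue, keyed by their suggested UI labels.
OPERATORS: Dict[str, Callable[[Record, str], bool]] = {
    "Message Contains": lambda r, v: v in r["message"],
    "Message Equal To": lambda r, v: r["message"] == v,
    "AppName Equals": lambda r, v: r["appname"] == v,
    "HostName Equals": lambda r, v: r["hostname"] == v,
}

# A rule is a list of (operator, value) conditions that must all hold (AND).
Rule = List[Tuple[str, str]]


def rule_matches(rule: Rule, rec: Record) -> bool:
    """True when every condition of the rule holds for the record."""
    return all(OPERATORS[op](rec, value) for op, value in rule)


def evaluate(rules: Dict[str, Rule], lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (rule_name, hostname, message) for every line that fires a rule."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable input never silently matches a rule
        for name, rule in rules.items():
            if rule_matches(rule, rec):
                hits.append((name, rec["hostname"], rec["message"]))
    return hits


# Constructed sample input: PRI 86 = authpriv.info, PRI 38 = auth.info.
SAMPLE_LINES = [
    "<86>1 2023-01-01T10:00:00Z example_host_1 systemd - - - "
    "pam_unix(systemd-user:session): session opened for user alice(uid=1000) by (uid=0)",
    "<86>1 2023-01-01T10:00:01Z example_host_2 systemd - - - "
    "pam_unix(systemd-user:session): session opened for user bob(uid=1001) by (uid=0)",
    "<38>1 2023-01-01T10:00:02Z example_host_1 sshd 1234 - - "
    "Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2",
    "<86>1 2023-01-01T10:00:03Z example_host_1 systemd - - - "
    "pam_unix(systemd-user:session): session closed for user alice",
    "not a syslog line at all",
]

# The two conditions from the proposal ANDed together, plus one more rule.
RULES: Dict[str, Rule] = {
    "session_opened_on_host_1": [
        ("Message Contains", "pam_unix(systemd-user:session): session opened for user"),
        ("HostName Equals", "example_host_1"),
    ],
    "ssh_failed_password_any_host": [
        ("AppName Equals", "sshd"),
        ("Message Contains", "Failed password"),
    ],
}

if __name__ == "__main__":
    for name, host, msg in evaluate(RULES, SAMPLE_LINES):
        print(f"ALERT {name}: {host}: {msg}")
```

Only the first sample line fires the proposed rule: the same message from example_host_2 is ignored because the HostName condition is ANDed, and the "session closed" line from example_host_1 is ignored because the substring does not match. In InfluxDB 2 the same condition can be expressed today in a custom Flux check by filtering on the hostname tag and applying strings.containsStr to the message value; the point of the suggested fields is to make that available from the "create alert" box without writing Flux.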
Alternatives considered:
I had been looking at other options like ELK, which I tend to find high maintenance, or Splunk, which is overkill for my and many people's use case. I would much rather keep everything inside InfluxDB, as I think it is more than capable of managing my environment and logging needs.
Use case:
For people who are not looking for a bloated logging solution but would still like the ability to parse syslog messages, so that if specific strings are found within a message, or within a message from a specific host, a notification or HTTP request can be created by InfluxDB and sent to the designated receiver.
This would allow users to set up a quick and easy central logging system, further entrenching InfluxDB as the tool of choice for logging, monitoring and alerting.