Graylog: Alerting

How to send Graylog alerts by email, Slack, or Mattermost

Graylog enables you to respond proactively to specific conditions by sending alerts through notifications. These notifications can be delivered via email, Slack, Mattermost, or an HTTP webhook.

For more information about alerts, you can consult the official documentation.

Every Graylog instance provided by Stackhero comes with a built-in email server, allowing you to send unlimited emails directly from your instance at no extra cost.

To set up an email notification, you can follow these steps:

  1. Access your Graylog service, go to Alerts > Notifications, and click the Get started! button or select Create notification.

  2. Enter a title for your notification and select Email Notification under Notification type.

  3. In the Sender field, enter noreply@<yourGraylogDomain>. Make sure to replace <yourGraylogDomain> with your actual Graylog domain name, which is usually in the format <XXXXXX>.stackhero-network.com.

    Important: Be sure to use your Graylog domain to avoid errors when sending emails.

  4. Enter the email address where you want to receive alerts in the Email recipient field.

    [Image: Example of email configuration]

  5. Click the Execute test notification button to check that everything is working properly. Once the test is successful, complete the setup by clicking Create.

Congratulations! Your email notification is now configured and operational!

If you encounter the error "Error: Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed: postfix:25", it likely means the Sender field is not properly formatted. It should follow the pattern <something>@<yourGraylogDomain>. "Something" can be anything (for example, "noreply"), but "yourGraylogDomain" must match your Graylog service domain, usually in the form <XXXXXX>.stackhero-network.com.

To set up a Slack or Mattermost Cloud notification, you first need to obtain an "incoming webhook" from Slack or Mattermost Cloud.

For Slack users, go to https://api.slack.com/apps and click Create New App. Fill out the form, validate it, then select Incoming Webhooks and enable them. Click Add New Webhook to Workspace and copy the Webhook URL for use in the next steps.

If you prefer Mattermost Cloud, the open-source alternative to Slack, go to your Mattermost interface. From the main menu, select Integrations, then Incoming Webhooks, click Add Incoming Webhook, and complete the form. You will be provided with a URL in the format https://<domain>/hooks/<token> to copy for later use.

Before configuring Slack and Mattermost Cloud notifications, make sure the Integrations plugin is enabled in the Stackhero dashboard. To do this, select your Graylog service, click Configure, activate the Integrations plugin, and confirm the configuration.

Once the plugin is enabled, open your Graylog instance, go to Alerts > Notifications, and click Get started! or Create notification.

Give your notification a title and select Slack Notification under Notification type. Paste the incoming webhook URL you obtained from Slack or Mattermost into the Webhook URL field.

[Image: Example of a Slack/Mattermost configuration]

Click the Execute Test Notification button to verify everything is working, then finalize by clicking Create.

Congratulations, your Slack/Mattermost notification is now set up and ready to use!
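
A pre-flight check for the two values this page asks you to paste into Graylog, the Sender address and the incoming webhook URL, written as an added example that is not part of the Stackhero documentation or of Graylog. The function names, the sample domain abc123.stackhero-network.com and the chat.example.com webhook are constructed for illustration; the Slack shape checked is the standard hooks.slack.com/services/... format.

```python
from urllib.parse import urlsplit

def check_sender(sender, graylog_domain):
    """Return problems with the Sender field; an empty list means it is usable."""
    sender = sender.strip()
    local, sep, domain = sender.rpartition("@")
    if not sep or not local:
        return ["sender must look like <something>@<yourGraylogDomain>"]
    problems = []
    if any(c in sender for c in "<> \t"):
        problems.append("placeholder brackets or whitespace left in sender")
    if domain.lower().rstrip(".") != graylog_domain.strip().lower().rstrip("."):
        problems.append(f"sender domain {domain!r} is not the Graylog domain")
    return problems

def check_webhook(url):
    """Return problems with a Slack or Mattermost incoming webhook URL."""
    url = url.strip()
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    problems = []
    if parts.scheme != "https":
        problems.append("webhook URL must use https")
    if not parts.hostname:
        problems.append("webhook URL has no host")
    if any(c in url for c in "<> "):
        problems.append("placeholder brackets or spaces left in URL")
    # Slack: https://hooks.slack.com/services/<T...>/<B...>/<secret>
    slack = parts.hostname == "hooks.slack.com" and len(segs) == 4 and segs[0] == "services"
    # Mattermost: https://<domain>/hooks/<token>, possibly under a subpath
    mattermost = len(segs) >= 2 and segs[-2] == "hooks"
    if not (slack or mattermost):
        problems.append("path is neither Slack /services/... nor /hooks/<token>")
    return problems

def redact_webhook(url):
    """Hide the secret path so the URL can go into a log line or a ticket."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme}://{parts.hostname}/<redacted>"

if __name__ == "__main__":
    # Constructed sample values, not real endpoints or tokens.
    domain = "abc123.stackhero-network.com"
    hook = "https://chat.example.com/hooks/abcdefghijklmnop"
    print(check_sender("noreply@" + domain, domain))
    print(check_sender("alerts@example.com", domain))
    print(check_webhook(hook), redact_webhook(hook))
```

Anyone who holds an incoming webhook URL can post to the channel, so record the redact_webhook() form in logs and tickets rather than the URL itself.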