Hello everyone!
I've configured logstash for parsing Nginx web-server log files.
There were email notifications generated in case of specific status code - 400,404,500 etc.
But now it generates hundreds/thousands mails per day as we have a lot of requests.
I didn't find any solution how define some time ranges for grouping events.
So if there any possibilities to reduce triggering each time alert by gathering, for example, once per hour/day all messages and send by one email?
Thanks in advance.