Alert if unprocessed message count is above a certain number

lmm5247 · November 17, 2020, 3:36pm

I run Graylog 3.3 in Docker at home on a single server. Sometimes my disk usage gets high on the Docker host, and as such, Elasticsearch goes read-only.

When this happens, I’m able to see the number of unprocessed messages on the Nodes page (screenshot below).
Screenshot_20201117_103342

I’m able to manually set my Elasticsearch cluster back to read-write, and then Graylog starts processing messages again.

Is there a search I can use to alert me when unprocessed messages crossed a specific threshold? For example: unprocessed_messages > 2000?

ttsandrew · November 17, 2020, 3:50pm

Hello @lmm5247,

I don’t believe there’s anything you can use directly built in, but we do this by monitoring via the API. For uncommitted messages, the following would work:

curl -u api_username -H ‘Accept: application/json’ -X GET ‘https://graylogserver.yourdomain.suffix:9000/api/system/metrics/org.graylog2.journal.entries-uncommitted’

If the above doesn’t work you can try with http or using the --insecure switch.

Hope this helps.

lmm5247 · November 17, 2020, 6:03pm

Thanks, that’s what I need!

system · December 1, 2020, 6:03pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unprocessed messages Graylog Central (peer support)	9	2112	January 8, 2018
Unprocessed messages is constantly increasing Graylog Central (peer support)	4	4187	June 24, 2020
Graylog journal error Graylog Central (peer support)	2	273	August 31, 2022
Negative number of Unprocessed Message Graylog Central (peer support)	3	1817	August 22, 2020
Graylog Shows Various Unprocess Message Count Graylog Central (peer support)	1	971	April 19, 2017

Alert if unprocessed message count is above a certain number

Related Topics