Alert if unprocessed message count is above a certain number

lmm5247 · November 17, 2020, 3:36pm

I run Graylog 3.3 in Docker at home on a single server. Sometimes my disk usage gets high on the Docker host, and as such, Elasticsearch goes read-only.

When this happens, I’m able to see the number of unprocessed messages on the Nodes page (screenshot below).
Screenshot_20201117_103342

I’m able to manually set my Elasticsearch cluster back to read-write, and then Graylog starts processing messages again.

Is there a search I can use to alert me when unprocessed messages crossed a specific threshold? For example: unprocessed_messages > 2000?

ttsandrew · November 17, 2020, 3:50pm

Hello @lmm5247,

I don’t believe there’s anything you can use directly built in, but we do this by monitoring via the API. For uncommitted messages, the following would work:

curl -u api_username -H ‘Accept: application/json’ -X GET ‘https://graylogserver.yourdomain.suffix:9000/api/system/metrics/org.graylog2.journal.entries-uncommitted’

If the above doesn’t work you can try with http or using the --insecure switch.

Hope this helps.

lmm5247 · November 17, 2020, 6:03pm

Thanks, that’s what I need!

system · December 1, 2020, 6:03pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Get alerts when unprocessed messages reaches limit Graylog Central (peer support) alert , automation	3	683	January 31, 2023
Unprocessed messages Graylog Central (peer support)	9	2185	January 8, 2018
Unprocessed messages is constantly increasing Graylog Central (peer support)	4	4625	June 24, 2020
Graylog journal error Graylog Central (peer support)	2	325	August 31, 2022
Negative number of Unprocessed Message Graylog Central (peer support)	3	2013	August 22, 2020

Alert if unprocessed message count is above a certain number

Related topics