Alerts email quickly

Hi….

Why or how if I got this conditions on my alert event, the events just accumulate and send all notification alerts every hour?. I want to received quickly after query search and found a hit.

Filter & Aggregation

Type

Filter

Search Query

Insufficient system resources

Streams

All messages

Search within

1 minutes

Execute search every

1 minutes

1 Like

When the option “Filter has result” ist set, you can get a email for every event.

that’s not happend… that’s why i’m asking… and sorry I rectify… this happend every 30min not 1hour as before but anyway… it’s 30min later after event… .

dear @emper0r

did you notice that we already have some threads about the topic? Did you checked if your environment has the same source of problem? Did you checked if that will be fixed in the upcoming bugfix release?

It might have multiple reasons and you need to find the root in YOUR environment yourself, we can only give guidance by guessing and from what you have provided, guessing is impossible.

thx
Jan

I have the same problem. Alert mail notifications are accumulated and sent once in a while, like 40 minutes after Alerts fired. All this started after upgrade to 3.1.

Can you please suggest which loggers should be set to DEBUG or TRACE in log4j.xml so I can debug the problem in my environment?

you should first check the events you have configured logical and check if you have the latest version (3.1.3 at the time of writing) as this include some fixed …

What do you mean by “logical”? I have 2 facts:
1st fact that Alerts are generated in Graylog in time and according to expected logic and I see them in Graylog.
2nd fact is that Notifications submission to the mail server happened 40 min after the Alert happened, submission happened in a batch.
I updated to 3.1.3 (was 3.1.2) yesterday. Yet, I would like to add more logging as if the problem repeats - greylog logs have pretty much no info.

he @denis.zvonov

fromt he previous given information it was not visible that the event is create in time and with the given logic but that the notification is having an issue.

Did you checked in your Mail server logs if that messages was received in time but delivered later? Does the “test notification” you can start in the Graylog UI is delivered directly?

Hi Jan,
Yes, I checked my mail server. As I mentioned, the mails were submitted to the mail server from Graylog with the great delay after Alert generation.
Test notifications usually worked fine (immediate arrival), but I have not tried them recently, and now I upgraded and restarted the server.

do you mind opening a bug report over at github?

It does not look right from the given information.

Do I have rights for that (and where is it at all)? Sorry, I am new to this community.

He @denis.zvonov

sorry for not providing the link - https://github.com/Graylog2/graylog2-server/issues

We have issue templates that will guide you to include all necessary information.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.