Hello,
I am using Graylog 2.4.3 and have installed it from an OVA. I have tried to configure several alerts and I can’t seem to get them to trigger even though the condition is there. I have followed the instructions in the docs with no luck. It seems simple enough? I have the stream configured, the stream rule configured, I’m alerting on that stream with a message count alert, and notifications are configured. I have tested the packet against the stream and it will use that stream. I have restarted it several times. Please let me know what logs I can provide.
The “test” notifications are working and are delivered via SMTP.
Please provide the complete configuration of the streams, the alert conditions, the extractors and pipeline rules you’re using, and some example messages.
In reading the documentation we discovered that the message processors must be in the right order and wanted to know if we have the message filter chain processed first if we still have a pipeline processor? We did not have a pipeline configured.
Thank you, Jochen, we figured it out. The time on the device we were trying to alert on was ~5 min behind. Once we expanded the alert from 1 min to 5 min, the alert worked. Then we corrected the time.
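
The failure mode resolved in this thread, as an added example that is not from any of the posters and is not Graylog's own code: a simplified model of a message count condition that selects messages by their own timestamp, plus a per-source skew check. The field names `timestamp`, `received_at` and `source`, the host `fw01`, and the 270-second skew are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def message_count_alert(messages, now, window, threshold):
    """Simplified model: fire when more than `threshold` messages carry a
    timestamp inside (now - window, now]. Arrival time is not considered."""
    start = now - window
    hits = [m for m in messages if start < m["timestamp"] <= now]
    return len(hits) > threshold

def clock_skew(messages):
    """Largest gap per source between server receive time and the
    timestamp the sender put in the message (positive = sender is behind)."""
    skew = {}
    for m in messages:
        delta = m["received_at"] - m["timestamp"]
        if m["source"] not in skew or abs(delta) > abs(skew[m["source"]]):
            skew[m["source"]] = delta
    return skew

# Constructed sample: three messages that arrived within the last 15 seconds
# from a device whose clock runs 270 seconds behind the server.
NOW = datetime(2018, 4, 1, 12, 0, 0, tzinfo=timezone.utc)
SKEW = timedelta(seconds=270)

def sample_messages():
    msgs = []
    for i in range(3):
        received = NOW - timedelta(seconds=5 * (i + 1))
        msgs.append({
            "source": "fw01",
            "received_at": received,
            "timestamp": received - SKEW,  # sender's (wrong) clock
        })
    return msgs

if __name__ == "__main__":
    msgs = sample_messages()
    for minutes in (1, 5):
        fired = message_count_alert(msgs, NOW, timedelta(minutes=minutes), 0)
        print(f"{minutes}-minute window fires: {fired}")
    for source, delta in clock_skew(msgs).items():
        print(f"{source} skew: {delta.total_seconds():.0f}s")
```

Widening the window only masks the skew; a per-source skew check like `clock_skew` points at the device whose clock needs correcting.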