hi,
we defined our first alerts but all alerts works only once ( found stuff, send email)
but then they stuck in status running. And the Alert & Events does not show old Alerts or Events.
Hello && Welcome
Its hard for me to tell what the issue is. From what you posted it could be a few different things. Perhaps posting your full configuration of the Event Definition would help and/or anything pertaining to this issue.
-Thanks
Hello,
Thanks for the picture, but they were hard to see.
Have you tried putting quotes around your Search Query ?
Example: “OTTO”
What it seams from the pictures is it continuing to to search for OTTO and it has no way to stop. Looking at the error on the right side of the picture for your Filter & Aggregation , not sure what that’s all about. Meaning did you produce that error or was that error already there ? If that’s the message/s in the stream your wanting to run a search query then you can configure Filter & Aggregation by adding something in the Aggregation section. Since the messages are being filtered into a specific stream already you could use Group by Fields or Create Events for Definition by count.
Next picture “Notifications”
Have you tried something simple like enabling grace period to “0” and put like 5 Message Backlog?
From the statement above it seams that all your messages might be the same, if so then why not place a count on you notification and show one message from that stream? Just an Idea.
NexT
Have you check in your log files (i.e. Graylog , elasticsearch, MongoDb. maillog, etc…), if so did you find anything that may pertain to this issue?
Conclusion:
It may have to do with your Event Definition configuration that was made.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
