delay in sending graylog alert

I’m using Graylog version 5.1.0+14ba491 and I’m having a delay in sending alerts; sometimes they arrive a few minutes apart or hours later.
Has anyone gone through this?

Hey @rodrigomanoel

I have, a long time ago. Sometimes it’s resources, timestamp or a configuration issue.

Alerts get delayed when Graylog is falling behind on data processing/indexing.

From an existing issue:

“Everything is search based, so if the data isn’t getting in, presumably because the system is overloaded, it won’t be able to run alerts, because, well, they wouldn’t find anything. Messages like 2022-01-19T12:31:36.150Z DEBUG [EventProcessorExecutionJob] Event processor <palo-deauth/616df603d4846155e9b57a55> couldn't be executed because of a failed precondition (retry in 5000 ms) mean that Graylog knows it’s behind on data processing/indexing, so it will delay running the alert job until it’s reasonably sure it has processed data for the time range the alert is supposed to run.”

There was also an issue with alerts not being processed when the message rate is very low. The fix is already in 5.1 though, so that doesn’t apply to your case.
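
One way to check a server log for the failed-precondition message quoted above, as an added example that is not part of the thread or of Graylog itself: it groups the retries per event definition and reports how long each one was held back. Only the first sample line comes from the thread; the other log lines, the second event definition and the function name are constructed for illustration.

```python
import re
from datetime import datetime

# The DEBUG line quoted in the thread (straight or curly apostrophe accepted).
PRECONDITION_RE = re.compile(
    r"^(?P<ts>\S+)\s+DEBUG\s+\[EventProcessorExecutionJob\]\s+"
    r"Event processor <(?P<title>[^/>]+)/(?P<id>[0-9a-f]+)> "
    r"couldn['’]t be executed because of a failed precondition "
    r"\(retry in (?P<retry_ms>\d+) ms\)"
)

_MSG = "couldn't be executed because of a failed precondition (retry in 5000 ms)"
# Constructed sample log: only the first line's content comes from the thread.
SAMPLE_LOG = f"""\
2022-01-19T12:31:36.150Z DEBUG [EventProcessorExecutionJob] Event processor <palo-deauth/616df603d4846155e9b57a55> {_MSG}
2022-01-19T12:31:41.150Z DEBUG [EventProcessorExecutionJob] Event processor <palo-deauth/616df603d4846155e9b57a55> {_MSG}
2022-01-19T12:32:00.000Z DEBUG [EventProcessorExecutionJob] Event processor <constructed-example/0123456789abcdef01234567> {_MSG}
2022-01-19T12:36:41.150Z DEBUG [EventProcessorExecutionJob] Event processor <palo-deauth/616df603d4846155e9b57a55> {_MSG}
2022-01-19T12:36:42.000Z INFO [ExampleComponent] unrelated constructed line
"""

def stalled_event_definitions(lines, min_stall_seconds=0):
    """Summarise, per event definition id, how long its alert job kept being postponed."""
    seen = {}
    for line in lines:
        m = PRECONDITION_RE.match(line.strip())
        if not m:
            continue  # not a failed-precondition line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f%z")
        s = seen.setdefault(m["id"], {"title": m["title"], "first": ts, "last": ts, "retries": 0})
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
        s["retries"] += 1
    result = {}
    for event_id, s in seen.items():
        # Time between the first and last postponement seen in this log excerpt.
        s["stalled_seconds"] = (s["last"] - s["first"]).total_seconds()
        if s["stalled_seconds"] >= min_stall_seconds:
            result[event_id] = s
    return result

if __name__ == "__main__":
    for event_id, s in stalled_event_definitions(SAMPLE_LOG.splitlines()).items():
        print(f"{s['title']} ({event_id}): {s['retries']} retries over {s['stalled_seconds']:.0f}s")
```

The message is logged at DEBUG level, so it only appears when debug logging is enabled for the server.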

I increased the memory of my Graylog to see if that solves the problem, and I’m waiting for the alerts to be sent.
My version is 5.1 but it is already asking to update again.
Do you want me to put some configuration file here?

Are you ingesting messages? At what rate?
Do you see any messages in the log that might be related?

I am getting this error message

Is this related to the delayed alerts? If not, please start a new topic.

Also, to get useful responses please provide as much information as possible on your setup, what you have already tried, etc. A generic error message is generally not enough to be able to provide any useful suggestions.
