Event condition with aggregation

Hello Friends. My first question in this community.

I have a Graylog 3 node, version 3.1.2+9e96b08, codename Quantum Dog, with an Elasticsearch cluster in the backend.

All is working fine, except the alerting. When I create an alert it works, but when I try to configure an alert based on aggregation it hangs. I show you in a picture.

When I click on “aggregation of results reaches a threshold”, the browser hangs. It says “an script is slowing your browser…”. I don't see any error in the log files, the Elasticsearch nodes are 10% busy, and Graylog is also at very low CPU.

I have tried with Firefox, Chrome and Edge. Same result.

Does anyone know what can be happening? Or where to search?

Regards

Does anyone have any clue? I can't get it working; when I click on aggregation, the browser hangs…

Try to create another filter definition with a more specific search query, so the web app won't load many messages, then save and update the desired search query.

Hello

I have tried with several search queries with the same result.

I have tested with a search query with only 1 result in the past 30 days, with the same result.

When I click on “Aggregation of results reaches a threshold”, the browser hangs.

Any other clue?

Regards

Did you check if you get any related messages in your log files? Like Elasticsearch or Graylog?

Hi Jan

I have reviewed nearly everything, logs in elastic, logs in graylog, debug, network traces, any clue.

Today I made a test. With the Firefox developer tools open, I clicked on the button “Aggregation of results reaches a threshold”, and I realized that no request is sent to the server. When I clicked, nothing was sent from the browser to the server.

I have made a test from the Firefox browser (Chrome and IE show the same behaviour); when I click on that button I see this:

[image]

This thread is stuck at 25% CPU and it doesn't end. And nothing is sent to Graylog, so it's a local script problem. But how to debug what it is doing internally or why it's stuck here?

Regards

  1. Try to use latest Firefox (70)
  2. Disable all plugins/extensions in Firefox
  3. Create new profile using profile manager: firefox.exe -P -no-remote
  4. Or reset your Firefox profile to default: Help - Troubleshooting - Refresh Firefox…
  5. Do you use some load balancer, SSL offload, Nginx/Apache before Graylog?
  6. Do you use some antivirus/firewall with SSL encryption?

Hi shoothub

Try to use latest Firefox (70)
    Latest Firefox installed. But I have also tried with Chrome, IE and Edge, with the same behaviour.
Disable all plugins/extensions in Firefox
Create new profile using profile manager: firefox.exe -P -no-remote
    Disabled all plugins/extensions in Firefox, and created a new profile. Same result.
Or reset your Firefox profile to default: Help - Troubleshooting - Refresh Firefox…
Do you use some load balancer, SSL offload, Nginx/Apache before Graylog?
    No. We are accessing Graylog through the default interface http://IP:9000
    I have also tried and configured nginx as reverse proxy from 80 to port 9000, same result.
Do you use some antivirus/firewall with SSL encryption?
    No, no firewall between. Also tried disabling the antivirus on the PC.

I am trying to WinDbg the hang process, but not many clues… I am researching the hang thread, but the clrstack says that it is in a noop operation, or it seems so.

Any other idea?
