Graylog > Alerts > Conditions not registering any alerts at all

anmolsharma · August 3, 2018, 4:01pm

Using Graylog = 2.4.5.

I am using
Condition Type : Field content Alert Condition
Condition Definition : Field = “state” , Value = “failed” , Grace Period = “0” , Message Backlog = “1”

Problem:
Even when this condition satisfies, there is no alerts shown in the alerts section, therefore, neither I am getting any alerts on email. Please help/suggest, what can I do to solve/debug this problem? Example image is as shown below:

Message is like shown in the image below:

anmolsharma · August 4, 2018, 9:35am

@jan Please respond. Needed help!!

jan · August 7, 2018, 9:55am

did you checked the correct stream with the alerts?

anmolsharma · August 7, 2018, 10:17am

@jan I am sure that stream connected to alert condition is correct.

Actually, the flow of message is like:
Beats add a field called “rundeck” with value “executionslog” to the message.
Based on this field value, the message goes into the stream (let’s say “Runceck : Executions Log”).
This stream is connected to the pipeline, which extracts and set a field “state” with value either “failed” or “succeed” based on message content.

In the Alerts section, I have created a condition (Field content Alert Condition) on this stream (Rundeck : Executions Log). As per the definition of the condition, an alert should be generated/registered, but it is not happening.

I have tried testing it with different fields and their values satisfying alert condition but getting no alert at all.

jan · August 7, 2018, 2:04pm

did you change this setting?

github.com

Graylog2/graylog2-server/blob/2.4/misc/graylog.conf#L456-L458


# Length of the interval in seconds in which the alert conditions for all streams should be checked
# and alarms are being sent.
#alert_check_interval = 60

Did you have any kind of alerts working and only this fails or are all not working?

anmolsharma · August 9, 2018, 12:45pm

@jan
alert_check_interval was set as 1 second earlier. Now, I set it to 30 seconds and the Alerts for Field Content are registering now.

Earlier, even with alert_check_interval = 1, Message Count Alert Condition was working fine.

Can you please brief, Why Field Content Alert Condition was not working with alert_check_interval = 1?

jan · August 10, 2018, 6:48am

Alerts are automated searches and with the check interval set to 1 second the search is done every second - if the search does not return before the next run the status will be overwritten and it never returns with a result.

It is save with running every 60 seconds - the default - shorter times might behave different.

system · August 24, 2018, 6:48am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alerts not firing Graylog Central (peer support)	0	421	May 5, 2017
Field Content Alert Conditions Not Triggering Graylog Central (peer support)	6	1585	February 27, 2019
Some of the alert fields are empty Graylog Central (peer support) pipeline-rules	3	666	August 3, 2021
Alert condition not working Graylog Central (peer support)	1	513	March 5, 2018
Alerting Not Working 2.1.3 Graylog Central (peer support)	11	1425	July 25, 2017

Graylog > Alerts > Conditions not registering any alerts at all

Related Topics