Maintenance mode feature

Hi there,

Here is a rather simple idea to help us with everyday tasks: Maintenance mode.

Say you list the sources and let us select one or many to go on maintenance mode. What it does is stop alerts being triggered for those sources. Note log ingest and processing remains the same so one can watch live or have them for record purposes, but no notifications are sent out.


he @dleguizamon

the latest Graylog has the Option to pause notifications/event processing.


With this you can disable the event processing while doing maintenance work.

Hi @jan,

First, thanks for the prompt reply.

Now before getting to issues, as I understand this is intended to disable ALL events caught by an event rule or all notifications triggered by one or many event rules. If so, this will affect alterting for multiple sources if we event rules cover multiple sources and/or notifications are used by multiple event rules, which I actually do both. What I had imagined is a way of preventing alerts for a particular source. What I currently do is add “AND NOT source:xxx” to each event rule checks logs for source xxx. This way I can still get alerts for other hosts. Hence, if I had an updated list of sources that I can “set to maintenance mode” and graylog adds in the background the appropriate filter to all Filter&Aggregation event rules, that would be a great tool. Not just for sources, but container names, etc.

So, I have taken the time to upgrade graylog as it’s been on the to-do list for too long. I have upgraded from 3.2.1-1 to 3.2.5-1. As a side note, I’ve also upgraded elasticsearch and mongodb to 6.810 and 3.6.18 respectively.

However, I cannot see the notification/event disable feature.

image image

Have I missed anything?

xxx@yyyy:~$ sudo dpkg --list | egrep 'elastic|graylog|mongo' | awk '{print $1 "  " $2 "     " $3}'
ii  elasticsearch     6.8.10
ic  graylog-2.5-repository     1-1
ic  graylog-3.0-repository     1-6
ic  graylog-3.1-repository     1-1
ii  graylog-3.2-repository     1-1
ii  graylog-enterprise-integrations-plugins     3.2.5-1
ii  graylog-enterprise-plugins     3.2.5-1
ii  graylog-integrations-plugins     3.2.5-1
ii  graylog-server     3.2.5-1
ii  mongodb-org     3.6.18
ii  mongodb-org-mongos     3.6.18
ii  mongodb-org-server     3.6.18
ii  mongodb-org-shell     3.6.18
ii  mongodb-org-tools     3.6.18

I’ve realised (short after hitting reply) that there is a v3.3
I will go thru the notes and upgrade

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.