Maintenance mode feature

dleguizamon · June 4, 2020, 4:07pm

Hi there,

Here is a rather simple idea to help us with everyday tasks: Maintenance mode.

Say you list the sources and let us select one or many to go on maintenance mode. What it does is stop alerts being triggered for those sources. Note log ingest and processing remains the same so one can watch live or have them for record purposes, but no notifications are sent out.

Cheers,

jan · June 5, 2020, 7:56am

he @dleguizamon

the latest Graylog has the Option to pause notifications/event processing.

With this you can disable the event processing while doing maintenance work.

dleguizamon · June 5, 2020, 7:08pm

Hi @jan,

First, thanks for the prompt reply.

Now before getting to issues, as I understand this is intended to disable ALL events caught by an event rule or all notifications triggered by one or many event rules. If so, this will affect alterting for multiple sources if we event rules cover multiple sources and/or notifications are used by multiple event rules, which I actually do both. What I had imagined is a way of preventing alerts for a particular source. What I currently do is add “AND NOT source:xxx” to each event rule checks logs for source xxx. This way I can still get alerts for other hosts. Hence, if I had an updated list of sources that I can “set to maintenance mode” and graylog adds in the background the appropriate filter to all Filter&Aggregation event rules, that would be a great tool. Not just for sources, but container names, etc.

So, I have taken the time to upgrade graylog as it’s been on the to-do list for too long. I have upgraded from 3.2.1-1 to 3.2.5-1. As a side note, I’ve also upgraded elasticsearch and mongodb to 6.810 and 3.6.18 respectively.

However, I cannot see the notification/event disable feature.

Have I missed anything?

xxx@yyyy:~$ sudo dpkg --list | egrep 'elastic|graylog|mongo' | awk '{print $1 "  " $2 "     " $3}'
ii  elasticsearch     6.8.10
ic  graylog-2.5-repository     1-1
ic  graylog-3.0-repository     1-6
ic  graylog-3.1-repository     1-1
ii  graylog-3.2-repository     1-1
ii  graylog-enterprise-integrations-plugins     3.2.5-1
ii  graylog-enterprise-plugins     3.2.5-1
ii  graylog-integrations-plugins     3.2.5-1
ii  graylog-server     3.2.5-1
ii  mongodb-org     3.6.18
ii  mongodb-org-mongos     3.6.18
ii  mongodb-org-server     3.6.18
ii  mongodb-org-shell     3.6.18
ii  mongodb-org-tools     3.6.18

dleguizamon · June 5, 2020, 7:12pm

I’ve realised (short after hitting reply) that there is a v3.3
I will go thru the notes and upgrade

system · June 19, 2020, 7:12pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How To Suppress Email Notification Graylog Central (peer support)	2	1163	September 25, 2019
No Event / Alert fired Graylog Central (peer support)	1	541	March 23, 2020
Alerts stuck in Status: running Graylog Central (peer support) basic-configuration , alert	6	388	February 21, 2022
Alert events not trigger since graceful shutdown Graylog Central (peer support) alert	2	585	January 6, 2023
Graylog filtering logs issue Graylog Tech Challenges	3	1366	July 9, 2021

Maintenance mode feature

Related topics