I am currently using Graylog 5.0.5.
I have created an Event Definition, and the filtered logs are visible in the filter preview.
However, no actual alerts are being triggered.
The defined event is as follows:
{
_id: ObjectId(‘682c46ca79f484280a21bc4c’),
_scope: ‘DEFAULT’,
title: ‘MYSQL DEADLOCK’,
description: ‘MYSQL DEADLOCK’,
priority: 2,
alert: true,
config: {
type: ‘aggregation-v1’,
query: ‘*’,
query_parameters: ,
streams: [
‘6826d479516e3314eb44b92f’
],
group_by: ,
series: ,
conditions: {
expression: null
},
search_within_ms: 60000,
execute_every_ms: 60000
},
field_spec: {},
key_spec: ,
notification_settings: {
grace_period_ms: 3000,
backlog_size: 10
},
notifications: [
{
notification_id: ‘648ff7ffa178926815019125’,
notification_parameters: null
}
],
storage: [
{
type: ‘persist-to-streams-v1’,
streams: [
‘000000000000000000000002’
]
}
]
}
Is there a reason why this is happening?
I saw a suggestion in the Graylog community that index rotation might help, so I tried rotating the indexes, but the alert still doesn’t trigger.