Pause all alerts at once

Hi,
I am looking for a way to pause all alerts at once. Can we do this using REST API or using curl?

Graylog Version: 3.3.2

Thanks

You can disable all events, which will also disable notification for alerts using this little python script:

import requests
from requests.auth import HTTPBasicAuth

user = 'admin'
password = 'ADMIN_PASWORD'
change_state = 'disable'  # enable

# Get all events
all_events = requests.get(
    'http://172.28.128.4:9000/api/events/definitions',
    auth=HTTPBasicAuth(user, password))

# Iterate all events
for r in all_events.json()["event_definitions"]:
    print(r["id"], r["title"])
    event_id = r["id"]
    if change_state == 'enable':
        new_event_state = 'schedule'
    else:
        new_event_state = 'unschedule'

    change_event = requests.put(
        'http://172.28.128.4:9000/api/events/definitions/' +
        event_id + '/' + new_event_state,
        auth=HTTPBasicAuth(user, password),
        headers={"X-Requested-By": "cli"})

Python script gets id of all events, and iterate them and disable or enable event by id.
Replace:

  • change user and password
  • http://172.28.128.4:9000 with your real graylog server URL
  • change_state = 'disable' if you want to disable all events, or enable if you want enable them all

Thanks, @shoothub for the quick response. Let me execute this script in my environment.

@shoothub event_definitions will only work for the Graylog version 3.3.2
I have another Graylog account configured and the version is 3.0.2
What we can use in the Python script for version 3.0.2 to disable the alerts at once?

Thanks

Sorry I don’t have graylog 3.0 version, and don’t know if is possible the same way… probably no, because they changed the way how alerts works in in 3.2 or 3.3.

Check in 3.0 if there is a option to disable event in web gui, if yes, it should work also from API.

@shoothub I already checked 3.0 and there is no option to disable event in web UI :pensive:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.