Show host ID via API GET request (alerts)

gsforza · July 24, 2019, 1:27pm

Hi there.

While it is possible to identify the host the alert got triggered by via the HTTP callback and the mail alert, it seems there is no way to identify the host via a GET request against the API.

Am I just blind, or is this actually the case?

To give some examples and clarify my question:

Email output

Date: 2019-07-23T15:04:29.271Z
Stream title: MySQL dumps
Stream URL: https://SERVER:9000/streams/5d36b9948b72d90fd1e609c4/messages?rangetype=absolute&from=2019-07-23T14:59:29.271Z&to=2019-07-23T15:04:29.271Z&q=*
Last messages accounting for this alert:

Source: HOST !!!!
Message: mysqldump: Got error: 1652
Timestamp: 2019-07-23T15:04:01.089Z

Via HTTP Callback

{
------------------------------------
    "triggered_at": "2019-07-23T15:04:29.271Z",
    "triggered": true,
    "matching_messages": [
      {
        "index": "graylog_67",
        "message": "mysqldump: Got error: 1652",
        "timestamp": "2019-07-23T15:04:01.089Z",
        "source": "HOST", !!!!
        "stream_ids": [
          "5d36b9948b72d90fd1e609c4",
          "000000000000000000000001"
        ],
------------------------------------

jan · July 25, 2019, 10:41am

is that field present in the data? how did you reference that in the mail?

gsforza · July 25, 2019, 11:41am

It is.

Date: ${check_result.triggeredAt}
Stream title: ${stream.title}
${if stream_url}Stream URL: ${stream_url}${end}

${if backlog}Last messages accounting for this alert:
${foreach backlog message}
Source: ${message.source}
Message: ${message.message}
Timestamp: ${message.timestamp}
${end}${else}<No backlog>
${end}
``

jan · July 25, 2019, 12:27pm

is the “HOST !!!” inserted by you or what you see in the message?

gsforza · July 25, 2019, 12:40pm

Yup, I just marked it that way to emphasize that one can identify the host via the mail + HTTP callback alert.

jan · July 25, 2019, 4:28pm

you actually would need to make the same query as the alert use against the api to get the exact messages returned. Just a command like “give me the messages that trigger the alert” is not (yet) given.

But feel free to create a feature request over at Github for this.

https://github.com/Graylog2/graylog2-server/issues?

gsforza · July 26, 2019, 7:06am

In documentation it says that the GUI is actually only using the API itself. So my question really is: Where do the email and HTTP alerts get the information and why does the API itself not have this? I searched through the API browser top to bottom and could not find anything remotly close to what the other two give me.

Can you elaborate on that, please?

jan · July 26, 2019, 8:29am

it does not have that available.

gsforza · July 26, 2019, 11:06am

Well, I understood that. But where do the other two alert functions get that information from?

system · August 9, 2019, 11:20am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 3.2 alert when host drops off Graylog Central (peer support)	2	367	September 3, 2020
Email Variabls to display HOSTNAME, IP, PROCESS, etc Graylog Central (peer support)	9	1889	July 2, 2019
HTTP Callback JSON Graylog Central (peer support)	3	871	February 13, 2020
Unable to view stream/message detail in email notification received Graylog Central (peer support)	2	1307	December 4, 2019
Alert ID in HTTP Alerts Graylog Central (peer support)	2	417	February 25, 2019

Show host ID via API GET request (alerts)

Related Topics