To mute whole streams alerts on non prod hours

Tafsir_Alam · November 13, 2018, 2:03pm

Hi All,

It’s Urgent please help me in this - Is there any way to mute stream alerts on non-prod hours i.e at night time. In our environment, we are getting alerts on Slack

Is there any plugin for this?
Can I mute all streams alerts through web-interface? Or
Through API-Browser?

Graylog version - 2.4.6
Elasticsearch Version - 5.6

Thanks all in advance.

jan · November 14, 2018, 6:55am

it is possible with a changed message processing. Because I did not know any plugin that would allow you to disable alerts for a given time you need to add a field to the messages that can act as a trigger - if the messages comes in during office our or not.

Like seen here: https://cdn.rawgit.com/jalogisch/OpenSourceDay2018/d3ffdebf/Presentation.html#29

But no “click and ready” solution.

Tafsir_Alam · November 14, 2018, 7:00am

@jan Thanks for the great info.

One question: We need to create Pipelining for this or its possible without pipelining ?

jan · November 14, 2018, 7:11am

We need to create Pipelining for this or its possible without pipelining

No without Pipelines that is not possible.

Tafsir_Alam · November 14, 2018, 7:28am

@jan It means the field set_field(“trigger_alert”, true); only active when it meets the condition i.e

rule “Between 0 and 6 o’clock”

when
  to_date($message.timestamp).hourOfDay >= 0 && 
  to_date($message.timestamp).hourOfDay <= 6

?

And after the we need to set alert on field “trigger_alert” ?

jan · November 14, 2018, 8:21am

You create a stream for the alert condition and only route the messages into this stream if trigger_alert is set.

Tafsir_Alam · November 14, 2018, 8:23am

Thanks @jan and I will try today.

Tafsir_Alam · November 14, 2018, 8:36am

@jan It’s giving error

What I need to change in the code if I want to apply rule from 4 AM PST to 7 PM PST

These are the fileds:

Tafsir_Alam · November 15, 2018, 6:27pm

I sorted out by using the following code

rule "Pipeline on Timing"
when
  to_long(to_date($message.timestamp).hourOfDay) >= 10 &&
  to_long(to_date($message.timestamp).hourOfDay) <= 5 

then
  set_field("Pipeline_Triggered_Condition", true);
end

@jan I want to schedule from 10 AM UTC to 5 AM UTC i.e for 19 hours only but above code did’t work. I think it’s checking greater than value ie if i write to_long(to_date($message.timestamp).hourOfDay) >= 5 && to_long(to_date($message.timestamp).hourOfDay) <= 10 then this will work. What I need to change in the code to schedule time between 10 AM UTC to 5 AM UTC.

Thanks

system · November 29, 2018, 6:27pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Disable Graylog Alert on specific time Graylog Central (peer support)	8	860	July 26, 2022
Alert Notification Graylog Central (peer support) pipeline-rules , route-to-streampl	5	1707	October 8, 2019
Get notifications from alerts that come during specific timeframe Graylog Central (peer support)	5	691	March 11, 2019
Graylog alerting per unique message Graylog Central (peer support) pipeline-rules , route-to-streampl	3	863	November 1, 2017
Disable Alert for specific time Graylog Add-ons	2	1141	November 12, 2018

To mute whole streams alerts on non prod hours

Related topics