For example, I made an alert.
My stream had some messages, and I created an alert.
*Configuration:* Alert is triggered when there are more than 2 messages in
the last minute. Grace period: 1 minute. Including last message in alert
notification.
But this alert has never been triggered.
Another example:
I searched a string using query:
{
  "from": 0,
  "size": 150,
  "query": {
    "bool": {
      "must": {
        "query_string": {
          "query": "message:\"USER WITH LOGIN\"",
          "allow_leading_wildcard": false
        }
      },
      "filter": {
        "bool": {
          "must": {
            "range": {
              "timestamp": {
                "from": "2017-02-20 16:30:08.806",
                "to": "2017-02-20 16:31:08.806",
                "include_lower": true,
                "include_upper": true
              }
            }
          }
        }
      }
    }
  }
}
1 minute range.
This query showed me 4 messages. Then I created a Count widget ("Add count
widget to dashboard"), and this widget always shows me 0, although I see messages
using this search query.
When I try to use a 2 (and so on) minute time range, everything is OK.
On Monday, February 20, 2017 at 5:56:31 PM UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> what exactly do you mean with "both of them don't work"?
>
> How did you configure the alert conditions?
> What did you expect to happen?
> What did actually happen?
>
> Cheers,
> Jochen
>
> On Monday, 20 February 2017 16:20:43 UTC+1, vadimv Vatlin wrote:
>>
>> Hello.
>>
>> I have some strange problem.
>>
>> I try to use 1 minute time range in alerts and dashboard count widget,
>> and both of them don't work.
>>
>> Timerange:{ "type": "relative", "range": 60 }
>> server.conf:alert_check_interval = 30
>>
>> what is the problem?
>>
>