"Field content value condition" unable to trigger alerts

Graylog2 / graylog2-server

Free and open log management

https://www.graylog.org

Other

7.33k stars 1.06k forks source link

"Field content value condition" unable to trigger alerts #2239

Closed sumit-sngpt closed 8 years ago

sumit-sngpt commented 8 years ago

Problem description

We are trying to configure alert based on "Field content value condition" but its failing to trigger any alert despite similar events getting into that stream. How to debug the issue?

Steps to reproduce the problem

Field content value condition

Alert is triggered when messages matching <-----> are received. Grace period: 0 minutes. Including last message in alert notification.

Environment

Graylog Version: 2.0.1

dennisoelkers commented 8 years ago

Do you see any errors in your Graylog server log? Is there anything special with the value you are matching against?

sumit-sngpt commented 8 years ago

Nothing that is evident at server logs. The values are just string against which its matching like eventName:"xyz"

jalogisch commented 8 years ago

@sumit-sngpt did still have the issue?

did you check if the message maybe contain leading whitespace?

I will close this issue - if the problem is still present, please reopen and provide us details how we can reproduce.

thank you