Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

HTTP Alarm Callback is called with an empty messages list #2851

Closed fx00f closed 8 years ago

fx00f commented 8 years ago

In version graylog-2.0.3-1 there were no problems.

Expected Behavior

An array of "matching messages" cannot be empty.

Current Behavior

`"matching_messages":[ ]`

```json
{
  "check_result": {
    "result_description": "Stream had 1 messages in the last 1 minutes with trigger condition more than 0 messages. (Current grace time: 0 minutes)",
    "triggered_condition": {
      "id": "a5efca12-b6b3-4938-a499-df36db18eca1",
      "type": "message_count",
      "created_at": "2016-09-19T11:53:27.450Z",
      "creator_user_id": "admin",
      "title": "test",
      "parameters": { "grace": 0, "threshold_type": "more", "threshold": 0, "time": 1, "backlog": 0 }
    },
    "triggered_at": "2016-09-19T11:55:02.288Z",
    "triggered": true,
    "matching_messages": []
  },
  "stream": {
    "creator_user_id": "admin",
    "outputs": [],
    "matching_type": "AND",
    "description": "test",
    "created_at": "2016-09-19T11:52:25.515Z",
    "disabled": false,
    "rules": [
      {
        "field": "message",
        "stream_id": "57dfd179a1fbd80a013beab0",
        "description": "",
        "id": "57dfd19ea1fbd80a013bead8",
        "type": 1,
        "inverted": false,
        "value": "10.8.2.114 INFO: Port 1 link down"
      }
    ],
    "alert_conditions": [
      {
        "creator_user_id": "admin",
        "created_at": "2016-09-19T11:53:27.450Z",
        "id": "a5efca12-b6b3-4938-a499-df36db18eca1",
        "type": "message_count",
        "title": "test",
        "parameters": { "grace": 0, "threshold_type": "more", "threshold": 0, "time": 1, "backlog": 0 }
      }
    ],
    "id": "57dfd179a1fbd80a013beab0",
    "title": "test",
    "content_pack": null
  }
}
```

Possible Solution

Steps to Reproduce (for bugs)

  1. Stream
  2. Rules: message must match exactly 10.8.2.114 INFO: Port 1 link down
  3. Condition default: Message count condition
  4. HTTP Alarm Callback

Context

Parsing the alert and sending it to a Telegram bot

Your Environment

vm ESXi from OVA

dennisoelkers commented 8 years ago

Does this happen every time the alarm callback is triggered?

dennisoelkers commented 8 years ago

Found the problem. You specified a backlog of 0 in your alert condition configuration. This means that alarm callbacks get 0 messages.
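An added example (not code from Graylog or from anyone in this thread) of a receiver-side parser for the callback body shown in the report, which tells the `backlog: 0` case apart from an unexpectedly empty `matching_messages` list. The function name `summarize_alert`, the trimmed sample payload and the `message` key inside each `matching_messages` entry are assumptions.

```python
import json

# Constructed sample: fields copied from the payload in the report, trimmed to those used here.
SAMPLE_BACKLOG_0 = json.dumps({
    "check_result": {
        "result_description": "Stream had 1 messages in the last 1 minutes with "
                              "trigger condition more than 0 messages. "
                              "(Current grace time: 0 minutes)",
        "triggered_condition": {
            "type": "message_count", "title": "test",
            "parameters": {"grace": 0, "threshold_type": "more",
                           "threshold": 0, "time": 1, "backlog": 0}},
        "triggered_at": "2016-09-19T11:55:02.288Z",
        "triggered": True,
        "matching_messages": [],
    },
    "stream": {"id": "57dfd179a1fbd80a013beab0", "title": "test"},
})


def summarize_alert(body, max_lines=5):
    """Turn an HTTP Alarm Callback body into notification text plus a diagnosis."""
    payload = json.loads(body)  # raises ValueError on a malformed body
    check = payload["check_result"]
    params = check.get("triggered_condition", {}).get("parameters", {})
    backlog = int(params.get("backlog") or 0)
    messages = check.get("matching_messages") or []

    title = payload.get("stream", {}).get("title", "?")
    lines = ["[%s] %s" % (title, check.get("result_description", "alert triggered"))]
    if messages:
        # Assumption: each entry is an object carrying its text under "message".
        for m in messages[:max_lines]:
            text = m.get("message", "") if isinstance(m, dict) else m
            lines.append("- " + str(text)[:200])  # cap attacker-influenced log text
        diagnosis = "ok"
    elif backlog == 0:
        # The case from this issue: the condition is configured to attach nothing.
        diagnosis = "backlog=0: no messages attached by configuration"
        lines.append("(no messages attached: condition backlog is 0)")
    else:
        diagnosis = "backlog=%d but matching_messages is empty" % backlog
        lines.append("(no messages attached although backlog is %d)" % backlog)
    return {"text": "\n".join(lines), "diagnosis": diagnosis, "attached": len(messages)}
```

The `text` field is what a notifier would forward; the `diagnosis` field lets the receiver log a configuration hint instead of silently sending an alert with no message content.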

fx00f commented 8 years ago

Thank you. Sorry for the stupidity.

Draven13 commented 6 years ago

How did you parse the alert and send it to the bot?

joschi commented 6 years ago

@Draven13 Please post this issue to our discussion forum or join the #graylog channel on freenode IRC.

Thank you!