jalogisch
commented
6 years ago Reference: https://community.graylog.org/t/graylog-alerts-conditions-not-registering-any-alerts-at-all/6234/7
Set alert_check_interval to 1 second will not allow the alert runner to finish the work.
some kind of sanity check should be implemented that this kind of configuration produce log entries.
bernd
Graylog Alert Condition Configuration
Condition Type : Field content Alert Condition Condition Definition : Field = “state” , Value = “failed” , Grace Period = “0” , Message Backlog = “0”
Problem
Even when I am sending the message with state value failed to graylog stream. Alert condition is connected to this stream but no alerts are registering at all in the Alerts Section and, therefore, not getting any alert notifications.
For further reference in have reported explained issue in the link below: https://community.graylog.org/t/graylog-alerts-conditions-not-registering-any-alerts-at-all/6234
I have already been through the thread link below. But it is does not helping me out. https://github.com/Graylog2/graylog2-server/issues/3881
Context
I am using pipeline connected to specific stream, to process the message based on the string in the log message. Pipeline processor process the message and add a new field "state" with any of following values "failed" or "succeed". Based on the value of "state" field, if "failed" I want to generate an Alert in Graylog that sends a notification on a Slack channel.
Your Environment