Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Duplication of notifications #6937

Open ranger5x opened 4 years ago

ranger5x commented 4 years ago

Hi, after the upgrade to 3.1.3, notifications are unusable for a quite common use case. Notifications are now triggered if the filter rule is satisfied, regardless of whether a specific event was already in previous notifications or not.

In other words, if I had just 1 event in the stream (say security group change, for example), and my Event definition is configured as:

I will receive 60 emails(!). This is completely impractical. There should be an option to make Graylog just send 1 notification for 1 event in the original stream.

We did not have this issue with previous Graylog versions.

bernd commented 4 years ago

@ranger5x Thanks for the report! We will see what we can do to restore previous behavior. As a workaround you could configure a grace period for the notifications to avoid getting an email notification every minute.

ranger5x commented 4 years ago

Thanks @bernd for looking into this. Actually, we did try and test the grace period as well. Unfortunately, the grace period (at least in its current implementation) isn't an option either, because it suspends ALL notifications in the definition, not just the duplicates. By duplicates I mean the ones that have already been sent. I.e., it suspends all notifications for everything that is caught by the filter.

If the grace period suspended only the same message/event but still let the other messages in the same definition be sent, that would be ideal!