cvtienhoven / graylog-plugin-aggregates

Aggregates plugin for Graylog
https://marketplace.graylog.org
GNU General Public License v3.0

HTTP Alerts #29

Closed mellymello closed 6 years ago

mellymello commented 6 years ago

Hi,

First, thank you for your plugin, it's very useful for my team and me. I do have a question about the alerting.

When we configure the notification to use an HTTP Alarm Callback, the result is very poor in terms of useful information and does not contain any data about the messages. For example, here is a part of the JSON I received:

{'check_result': {'matching_messages': [],
  'result_description': 'Aggregates rule [Dummy alert] triggered an alert.',
  'triggered': True,
  'triggered_at': '2017-11-08T16:03:16.529Z',
  'triggered_condition': {'created_at': '2017-11-08T16:03:16.529Z',
   'creator_user_id': '',
   'id': '',
   'parameters': {},
   'title': 'Aggregate rule [Dummy alert] triggered an alert.',
   'type': "The same value of field 'src_ip' occurs 1 or more times in a 1 minute interval"}},
 'stream': {'alert_conditions': [{'created_at': '2017-09-20T07:31:35.165Z', ...

Do you think you could make them more useful? Like the results from a "normal" alert using the HTTP Alert Callback. It would be very nice to have some information to find the messages from the alert.

Thanks in advance
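As an added example (not part of this issue or of the plugin's own code), a small Python helper that consumes a callback payload like the one quoted above, recovers the aggregated field, threshold and interval from the condition's `type` description, and derives the time window in which the underlying messages would have to be searched when `matching_messages` is empty. The sample payload is constructed, and the regular expression assumes the exact wording shown in the issue (minute intervals only).

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, modelled on the payload quoted in the issue (not a real capture).
SAMPLE_PAYLOAD = {
    "check_result": {
        "matching_messages": [],
        "result_description": "Aggregates rule [Dummy alert] triggered an alert.",
        "triggered": True,
        "triggered_at": "2017-11-08T16:03:16.529Z",
        "triggered_condition": {
            "title": "Aggregate rule [Dummy alert] triggered an alert.",
            "type": "The same value of field 'src_ip' occurs 1 or more times in a 1 minute interval",
        },
    },
    "stream": {"title": "dummy-stream"},
}

# Matches the condition description as worded in the issue; other phrasings are not handled.
_TYPE_RE = re.compile(
    r"field '(?P<field>[^']+)' occurs (?P<count>\d+) or more times in a "
    r"(?P<interval>\d+) minutes? interval"
)


def parse_triggered_at(ts):
    """Graylog emits ISO 8601 with a trailing 'Z'; return a timezone-aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def derive_search(payload):
    """Turn a callback payload into the parameters needed to locate the messages
    the alert summarised. Returns None if the payload cannot be interpreted."""
    result = payload.get("check_result", {})
    cond = result.get("triggered_condition", {})
    m = _TYPE_RE.search(cond.get("type", ""))
    if not result.get("triggered") or m is None:
        return None
    end = parse_triggered_at(result["triggered_at"])
    # The aggregation window ends at the trigger time and spans the stated interval.
    start = end - timedelta(minutes=int(m.group("interval")))
    return {
        "field": m.group("field"),
        "threshold": int(m.group("count")),
        "stream": payload.get("stream", {}).get("title"),
        "from": start.isoformat(),
        "to": end.isoformat(),
        # True when the callback itself carried no messages, as in the issue.
        "needs_followup_search": not result.get("matching_messages"),
    }
```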

mellymello commented 6 years ago

OK, it's solved in newer versions. Didn't see that earlier.