Graylog v2.3.2
我的目标是让条件发出警报,并且警报保持打开状态,直到它被标记为已解决或应用定义的已解决条件。
我有一个警报设置,这是条件配置:
Configuration: Alert is triggered when messages matching
<full_message: "*Short*"> are received. Grace period: 15 minutes.
Including last 2 messages in alert notification. Configured to not
repeat notifications.
警报触发正常,但随后它会自行解决。
这是日志....
2018-01-04 23:56:23.699
Graylog checks test_alert (Field Content Alert Condition) condition on stream All messages
2018-01-04 23:56:23.699
Stream received messages matching <full_message:"Short"> (Current grace time: 15 minutes)
2018-01-04 23:56:23.699
Graylog triggers an alert for test_alert (Field Content Alert Condition) and starts sending notifications
2018-01-04 23:56:23.699
No notifications were configured for this alert
2018-01-04 23:56:28.526
Condition is no longer satisfied, alert is marked as resolved
为什么它说“条件不再满足”并解决警报?
我的目标是保持警报打开,直到有人解决它或通过另一个条件/等解决
Graylog 中的警报基本上是预定的搜索。如果搜索结果不为空(或更一般地触发警报条件),则触发警报(或激活)。一旦预定的搜索没有返回任何结果(或未触发警报条件),警报将被解决。
有关 Graylog 中警报的更多详细信息,请参阅http://docs.graylog.org/en/2.3/pages/streams/alerts.html 。
从 Graylog 2.4.0 开始,这是不可能的。
随时在https://github.com/Graylog2/graylog2-server/issues/创建功能请求