Hi Endre, the "false" alerts can be caused by multiple things.
The configured alert conditions are basically checked at a fixed interval (see alert_check_interval in your Graylog configuration file) by running an Elasticsearch query which matches the configured conditions. Since messages can contain timestamps which are in the past, it's possible that at the time of checking the alert conditions there actually wasn't any message in the checked time frame. The message might have been indexed at a later point in time.

Cheers,
Jochen

On Thursday, 7 May 2015 09:16:40 UTC+2, Endre E wrote:
>
> Hi,
>
> We are having some problems with our email alert on streams. Everything
> else is working fine :)
>
> The issue is, even though we have set up email alert on stream when there
> is less than 1 message in the last 120 minutes, we get emails sometimes when
> there have been messages in the stream.
>
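A small model of the behaviour described in the reply above, added here as an example (it is not Graylog code and not part of the original thread): a "fewer than 1 message in the last 120 minutes" condition is evaluated at a fixed interval, and each alert is classified by whether messages for that window became searchable only after the check ran. The `Message` fields, function names, minute-based time units and sample data are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    timestamp: int   # event time carried in the message (minutes, constructed)
    indexed_at: int  # time the message became searchable (minutes, constructed)


def count_in_window(messages, now, window, visible_at):
    """Count messages timestamped in (now - window, now] that were indexed by visible_at."""
    return sum(1 for m in messages
               if now - window < m.timestamp <= now and m.indexed_at <= visible_at)


def run_checks(messages, start, end, check_interval, window, threshold=1):
    """Evaluate 'fewer than threshold messages in the last window minutes' every check_interval.

    check_interval stands in for alert_check_interval; the model uses minutes throughout.
    Returns (check_time, count_seen_at_check, count_seen_in_hindsight, verdict) tuples.
    """
    results = []
    for now in range(start, end + 1, check_interval):
        seen = count_in_window(messages, now, window, visible_at=now)
        later = count_in_window(messages, now, window, visible_at=float("inf"))
        if seen >= threshold:
            verdict = "ok"
        elif later >= threshold:
            verdict = "alert-late-data"      # looks "false" when the stream is inspected later
        else:
            verdict = "alert-true-silence"   # the stream really was quiet
        results.append((now, seen, later, verdict))
    return results


# Constructed sample: one message is indexed 30 minutes after its own timestamp.
SAMPLE = [
    Message(timestamp=10, indexed_at=10),
    Message(timestamp=100, indexed_at=100),
    Message(timestamp=230, indexed_at=260),
    Message(timestamp=420, indexed_at=420),
]

if __name__ == "__main__":
    for row in run_checks(SAMPLE, start=120, end=480, check_interval=60, window=120):
        print(row)
```

Comparing each message's own timestamp with the time it was indexed, as the model does, is the quickest way to tell a late-data alert from a genuinely silent stream.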
