Hi, So I have this stream to alert on specific event ID received. I do receive the emails but it always shows <No backlog> instead of the last events.
Example received email: ########## > > Alert Description: Stream had 517 messages in the last 120 minutes with > trigger condition more than 3 messages. (Current grace time: 60 minutes) > > Date: 2016-08-15T20:15:45.724Z > > Stream ID: 578e75400ae2f10b11387f0d > > Stream title: AD Failed Logons > > Stream description: AD Failed Logons > > Stream URL: > https://logs.domain.com/streams/578e75400ae2f10b11387f0d/messages?rangetype=absolute&from=2016-08-15T18:15:45.724Z&to=2016-08-15T20:15:45.724Z&q=* > > <https://logs.casgrain.ca/streams/578e75400ae2f10b11387f0d/messages?rangetype=absolute&from=2016-08-15T18:15:45.724Z&to=2016-08-15T20:15:45.724Z&q=*> > > > > Triggered condition: > 7f6c6733-f3ae-4add-873c-dac3d81d0828:MESSAGE_COUNT={time: 120, > threshold_type: more, threshold: 3, grace: 60}, > stream:={578e75400ae2f10b11387f0d: "AD Failed Logons"} ########## > > > > <No backlog> > Here is my callback: ########## > > Alert Description: ${check_result.resultDescription} > > Date: ${check_result.triggeredAt} > > Stream ID: ${stream.id} > > Stream title: ${stream.title} > > Stream description: ${stream.description} > > ${if stream_url}Stream URL: ${stream_url}${end} > > >> Triggered condition: ${check_result.triggeredCondition} > > ########## > > >> ${if backlog}Last messages accounting for this alert: > > >> ${foreach backlog message} > > Source host: ${message.fields.source} > > Targeted Username: ${message.fields.TargetUserName} > > Source Username: ${message.fields.SubjectUserName} > > >> ${end}${else}<No backlog> > > ${end} > > I do have other streams that work fine however. Is there a way to debug this? I'll assume human error but in the event of a bug, I'd like some "meat" before submitting a bug tracker. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/60f42547-6a6b-40af-8e7c-95507c9d9362%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
