Hi Rayees,

Which version of Graylog are you using?

Cheers,
Jochen

On Monday, 23 January 2017 17:03:09 UTC+1, Rayees Namathponnan wrote:
>
> Hi All,
>
> I have written a script to generate 501 messages / second with 1 unique 
> string in the 501st to generate an alert. If you run the script it generates 
> messages with 70 unique strings, and I am expecting an alert with a message 
> count of 70, but Graylog always reports only 60-65 messages. It looks like 
> some alerts are missing in Graylog; more details are below.
>
>
> Script 
> --------
>
> You can get script from 
> https://github.com/rayeesnp/graylog-performance/tree/master 
>
> There are two scripts: one generates logs, “log_gen.py”, and fl_app.py is a 
> Python Flask app that can receive alerts from the Graylog alert HTTP callback 
> and report the number of alerts received from Graylog.
>
> If you run this script, it will generate 500 messages like message A 
> [random IP address before GET] and 1 message like B 
> [hostname_process_string_uniquenumber]
>
> message A 
> ---------------
> 2017-01-19 19:00:01.612519 - sjelk34_0 - [218.193.16.244] "GET /wheelsets 
> HTTP/1.0" 200 3148 "http://bleater.com"; "Mozilla/5.0 (Macintosh; Intel 
> Mac OS X 10_9_2) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36"
>
> message B 
> ---------------
> 2017-01-19 19:00:01.612573 - sjelk34_0 - [sjelk34_0_uni_68] "GET 
> /wheelsets HTTP/1.0" 200 4879 "http://bleater.com"; "Mozilla/5.0 
> (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) 
> Chrome/36.0.1944.0 Safari/537.36”
>
>
>
> Graylog Configurations 
> -------------------------------
> Filebeat to collect logs; the Graylog collector harvests logs from 
> /data/logs
>
> Configured an extractor to extract the string “hostname_process"; in my 
> case I added the regular expression “(sjvm34_0+)”, field contains the string 
> “sjvm34_0_uni”, store as field “message_tag_0”
>
> Created stream rule with field tag “message_tag_0” contains “sjvm34_0”
>
> In manage alert, configured “Alert is triggered when there is more than one 
> message in the last 3 minutes. Grace period: 3 minutes.”
>
> Then execute the script; by default the script will execute for 1 minute and 
> generate 70 unique script with sequence number. I am expecting an alert 
> message with 70 messages in the alert, but the alert is generated only for 
> 60-65 messages.
>
>
> Regards,
> Rayees 
>
>
>
>
>
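
Before comparing against the alert count, it helps to establish how many marker lines were actually written to the log file and which sequence numbers are absent downstream. A small checker for that, added here as an example (it is not part of the thread or of the linked repository); the line layout is taken from the two sample messages quoted above, and the function names and sample lines are assumptions constructed for illustration.

```python
import re

# Layout taken from the two sample messages quoted above:
#   <timestamp> - <host_process> - [<token>] "GET ..."
LINE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ - (?P<src>\S+) - \[(?P<token>[^\]]+)\]'
)

def classify(lines, infix="_uni_"):
    """Return (marker sequence numbers, background count, unparsed count)."""
    markers, background, unparsed = [], 0, 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1          # wrapped or truncated line
            continue
        prefix = m["src"] + infix  # e.g. "sjelk34_0_uni_"
        seq = m["token"][len(prefix):]
        if m["token"].startswith(prefix) and seq.isdigit():
            markers.append(int(seq))   # message B: unique marker
        else:
            background += 1            # message A: token is an IP address
    return markers, background, unparsed

def missing_sequences(written, reported):
    """Sequence numbers written to the log file but absent downstream."""
    return sorted(set(written) - set(reported))

# Constructed sample lines in the quoted format (not real log_gen.py output).
SAMPLE = [
    '2017-01-19 19:00:01.612519 - sjelk34_0 - [218.193.16.244] "GET /wheelsets HTTP/1.0" 200 3148',
    '2017-01-19 19:00:01.612573 - sjelk34_0 - [sjelk34_0_uni_68] "GET /wheelsets HTTP/1.0" 200 4879',
    '2017-01-19 19:00:02.613001 - sjelk34_0 - [sjelk34_0_uni_69] "GET /wheelsets HTTP/1.0" 200 512',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    written, background, unparsed = classify(SAMPLE)
    print("markers written:", len(written), "background:", background,
          "unparsed:", unparsed)
    # `reported` would be the sequence numbers seen by the alert receiver;
    # here it is a constructed list with one marker missing.
    print("missing downstream:", missing_sequences(written, [68]))
```

Running `classify` over the real file under /data/logs gives the number the alert count should be compared against; a shortfall there points at the generator rather than at ingestion or alerting.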
