/graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom Query For Alert Conditions #3966

Closed
jalogisch opened this Issue Jul 3, 2017 · 1 comment

Comments

Assignees
No one assigned
Labels
feature triaged
Projects
None yet
Milestone
No milestone
3 participants
@jalogisch @Mattia98 @florianvolle
@jalogisch
Member

jalogisch commented Jul 3, 2017

Expected Behavior

Be able to configure the Query for an alert condition.

Current Behavior

The Query for an alert condition is * on a stream.

Possible Solution

Add one additional field to the alert condition that the experienced user is able to make a more specific search on a stream for the alert condition.

Context

This way it is not needed to create lots of streams just to be able to alert on a certain type of message by adjusting the query that is done.

@jalogisch jalogisch added the feature label Jul 3, 2017

@florianvolle florianvolle added the triaged label Jul 13, 2017

@jalogisch jalogisch referenced this issue Nov 6, 2017

Open

Granular Alert State based on Source field #4283

@Mattia98

This comment has been minimized.

Sign in to view

Mattia98 commented Mar 30, 2018

I think it is critical that this feature is implemented. I have composed a query that shows me some specific error that I want to get an alert for. The only thing I can do right now is put the query count to a dashboard an monitor it, or have the search window in refresh mode open all the time. But I also need to know about possible matches when I am not in front of a monitor, hence I need to create an alert for a query. I couldn't believe that this wasn't a feature yet. Or is there another way you are supposed to create alerts for a specific error?

bernd added a commit that referenced this issue Oct 15, 2018

@bernd
Make search query in alert conditions configurable in the UI 
This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966
Loading status checks…
8d51b45

@bernd bernd referenced this issue Oct 15, 2018

Merged

Make search query in alert conditions configurable in the UI #5212

bernd added a commit that referenced this issue Oct 16, 2018

@bernd
Make search query in alert conditions configurable in the UI 
This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966
485ed72

bernd added a commit that referenced this issue Oct 18, 2018

@bernd
Make search query in alert conditions configurable in the UI 
This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966
623d8f2

bernd added a commit that referenced this issue Oct 29, 2018

@bernd
Make search query in alert conditions configurable in the UI 
This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966
f59a945

bernd added a commit that referenced this issue Nov 6, 2018

@bernd
Make search query in alert conditions configurable in the UI 
This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966
1136537

@edmundoa edmundoa closed this in #5212 Nov 7, 2018

edmundoa added a commit that referenced this issue Nov 7, 2018

@bernd @edmundoa
Make search query in alert conditions configurable in the UI (#5212) 
* Make search query in alert conditions configurable in the UI

This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966

* Trim streamId and query strings

* Use query config in field content value condition as well

* Add HTTP API endpoints to test alert conditions

There are two test endpoints, one to test existing alert conditions and
one to test new alert conditions which have not been stored in the
database yet.

* Add missing NoAuditEvent annotations to test resources

* Fix failing test because of missing stream id

* Use AND operator and parentheses to combine streams and custom query

Otherwise the generated query will be wrong.
0533cfd

edmundoa added a commit that referenced this issue Nov 7, 2018

@bernd @edmundoa
Make search query in alert conditions configurable in the UI (#5212) 
* Make search query in alert conditions configurable in the UI

This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966

* Trim streamId and query strings

* Use query config in field content value condition as well

* Add HTTP API endpoints to test alert conditions

There are two test endpoints, one to test existing alert conditions and
one to test new alert conditions which have not been stored in the
database yet.

* Add missing NoAuditEvent annotations to test resources

* Fix failing test because of missing stream id

* Use AND operator and parentheses to combine streams and custom query

Otherwise the generated query will be wrong.

(cherry picked from commit 0533cfd)
Loading status checks…
e3527bf

bernd added a commit that referenced this issue Nov 8, 2018

@edmundoa @bernd
Make search query in alert conditions configurable in the UI (#5212) (#… 
…5277)

* Make search query in alert conditions configurable in the UI

This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966

* Trim streamId and query strings

* Use query config in field content value condition as well

* Add HTTP API endpoints to test alert conditions

There are two test endpoints, one to test existing alert conditions and
one to test new alert conditions which have not been stored in the
database yet.

* Add missing NoAuditEvent annotations to test resources

* Fix failing test because of missing stream id

* Use AND operator and parentheses to combine streams and custom query

Otherwise the generated query will be wrong.

(cherry picked from commit 0533cfd)
bbe7fdf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment