Hello,
I am running XI 5.6.7. I have set up an alert on this server that queries an existing query on our Nagios Log Server. In the event that a single instance of a specific condition occurs on the Log Server, XI should fire an alert. The current threshold for this alert is w='1' and c='1'.
However, the behavior I'm seeing is that when the condition occurs, XI shows that there's a single event, but that the alert is still in "OK" status. I've even tried lowering the threshold to w=0/c=0 and still nothing happens.
Here is the query string for the alert:
check_xi_service_nagioslogserver!--url='http://x.x.x.x/nagioslogserver/' --apikey='1234' --minutes='15' --warn='1' --crit='1' --query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"host:x.x.x.x AND \"Too many open files\""}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1589310694196,"to":1589397094197}}}]}}}}}'!!!!!!!
Any clue what I'm doing wrong?
-- Mike Beebe
Alert not triggered on single-event condition
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Alert not triggered on single-event condition
You can enter :0 or ~:0 for the WARNING and CRITICAL threshold and it would alert on anything outside of the range of -∞ .. 0
https://nagios-plugins.org/doc/guidelin ... HOLDFORMAT
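The threshold range format from the linked plugin guidelines, as an added example (not part of the original posts and not the plugin's own code). A range "[@]start:end" alerts when the value falls outside it, so "1" means 0..1 and a count of 1 stays OK, while "~:0" alerts on any count above 0. The function names are hypothetical, and it is an assumption that the XI wizard's plugin follows the guideline format for these values.

```python
import math

def parse_range(spec: str):
    """Parse a guideline-style threshold '[@]start:end' into (inside, start, end)."""
    if spec in ("", "@"):
        raise ValueError("empty threshold")
    inside = spec.startswith("@")          # '@' inverts: alert when INSIDE the range
    body = spec[1:] if inside else spec
    if ":" in body:
        lo, hi = body.split(":", 1)
    else:
        lo, hi = "", body                  # bare "N" is shorthand for 0..N
    if lo == "~":
        start = -math.inf                  # '~' means negative infinity
    elif lo == "":
        start = 0.0                        # omitted start defaults to 0
    else:
        start = float(lo)
    end = math.inf if hi == "" else float(hi)   # "N:" means N..infinity
    if start > end:
        raise ValueError(f"start > end in threshold {spec!r}")
    return inside, start, end

def alerts(value: float, spec: str) -> bool:
    """True when 'value' should raise an alert for threshold 'spec'."""
    inside, start, end = parse_range(spec)
    in_range = start <= value <= end       # endpoints are inclusive
    return in_range if inside else not in_range

def check_status(value: float, warn: str, crit: str) -> str:
    """Critical is evaluated first, then warning, as plugins conventionally do."""
    if alerts(value, crit):
        return "CRITICAL"
    if alerts(value, warn):
        return "WARNING"
    return "OK"

if __name__ == "__main__":
    # Constructed sample: one matching log event, thresholds taken from the thread.
    for warn, crit in [("1", "1"), (":0", ":0"), ("~:0", "~:0")]:
        print(f"count=1 warn={warn!r} crit={crit!r} -> {check_status(1, warn, crit)}")
```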
Re: Alert not triggered on single-event condition
Thank you; that worked perfect.
Please close this ticket.
scottwilkerson
Re: Alert not triggered on single-event condition
Great!
mbeebe wrote:
Thank you; that worked perfect.
Please close this ticket.
Locking thread