Alert not triggered on single-event condition
Posted: Wed Jul 01, 2020 12:36 pm
Hello,
I am running XI 5.6.7. I have set up an alert on this server that queries an existing query on our Nagios Log Server. In the event that a single instance of a specific condition occurs on the Log Server, XI should fire an alert. The current threshold for this alert is w='1' and c='1'.
However, the behavior I'm seeing is that when the condition occurs, XI shows that there's a single event, but that the alert is still in "OK" status. I've even tried lowering the threshold to w=0/c=0 and still nothing happens.
Here is the query string for the alert:
check_xi_service_nagioslogserver!--url='http://x.x.x.x/nagioslogserver/' --apikey='1234' --minutes='15' --warn='1' --crit='1' --query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"host:x.x.x.x AND \"Too many open files\""}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1589310694196,"to":1589397094197}}}]}}}}}'!!!!!!!
Any clue what I'm doing wrong?
-- Mike Beebe