Graylog plugin to go back to the past, check the alert for a specified time and alert in the present
Required Graylog version: 2.3 and later
Download the plugin
and place the .jar file in your Graylog plugin directory. The plugin directory
is the plugins/ folder relative from your graylog-server directory by default
and can be configured in your graylog.conf file.
Restart graylog-server and you are done.
Function Prototype:
First we have to select the alert type Delorean
Then we have to set all the common fields plus query, backtime and the staytime. You must complete the query field with a normal query, the same that you do in the search field in the graylog search mode, for example field:"value".
All set! We now can go back search an event for sometime in the past and get the alert! This is usefull when the log have some delay and it's timestamp isn't the same as the EventReceivedTime when the log arrives.
Also you can use this feature to not just search for a 1 minute time event, all you have to do is set the backtime in 0.
This project is using Maven 3 and requires Java 7 or higher.
- Clone this repository.
- Run
mvn packageto build a JAR file. - Optional: Run
mvn jdeb:jdebandmvn rpm:rpmto create a DEB and RPM package respectively. - Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
We are using the maven release plugin:
$ mvn release:prepare
[...]
$ mvn release:perform
This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.