Graylog alerting on specific log occurrence - graylog

I have a question on how does one set up an email alert, when a certain error in found in the logs.
So basicly i have this sort of error :
org.postgresql.util.PSQLException: ERROR: missing FROM-clause entry for table "something".
Now when this error, or similar error comes, i would love for graylog to alert certain people so they can react to it, however i have managed to only find information on how you set up alerts when there are too many messages coming through or something like that. If anyone has some experience with this sort of search and notify alert, would be much appreciated.

What version of Graylog are you using?
Have you tried the docs here:
https://docs.graylog.org/en/4.0/pages/alerts.html?highlight=alerts
Set your query, stream, intervals and then select "Filter has results" and it will generate an event each time the query comes up with a match. You can then use a notification to send emails to relevant users.

When you set an alarm, in the "conditions" section you can see there are two options.
One option is to aggregate the occurencies and then trigger the alarm when they reach a treshold, the other option is to just trigger the alarm as soon as there is a single occurency (that you need to define).
I personally used this option and it works fine. I've attached a screenshot of what I see from my graylog, but if you need additional informations, this is the page from Graylog documentation. I think it's very well explained :)
https://docs.graylog.org/en/4.0/pages/alerts.html

Related

Anylogic How to queue and process received messages by agents

--This post has been edited as #Benjamin has suggested in his answer
I am trying to model peer influence for churn situations. Agents will send messages to their peers depending on different conditions. I have also created a List called MessagesReceived to store received messages.(The number of these messages may be >1).
I have tried processing (i.e. adding the message to a list of received messages) these messages in Connections>OnMessageReceived but although I can access message and sender objects, I don't know how to access the receiving agent there.
what would you suggest in this case?
P.S: variable names and types may be a little different in screenshots but the problem I described here does not come from that.
Please always only ask one question per issue, else it gets too confusing.
So let me answer your first question:
although I can access message and sender objects, I don't know how to access the receiving agent there
You can simply type this. in the code box below and you have access to "yourself". In fact, you do not even need that, simply access the fields from "yourself" here. If you are in an agent with variable myVar, you simply use that.
For the other questions, please open separate issues, see this.

Any way to setup Alerts for Twilio SMS messages by excluding a group of errors, rather than by including each error specifically?

I am working on a project that encounters a series of errors everyday such as user unsubscribed, etc. (About 4 or 5 different error codes everyday)
These errors are inconsequential to the management and can be ignored.
Any way to configure the alerts on Twilio to email me when any error occurs which DOES NOT belong to the error group that is deemed inconsequential?
Doesn't have to be email, new to this and open to any savvy ways of keeping myself informed of new errors in an automated way.
As far as I can tell, I can only perform the opposite action(Setup 1 alert for each error code) on the Twilio code. This has the disadvantage of having to know the error code in advance before configuring the alert.
Open to any way of doing this, not just through the console(via a Python API etc.)
Thank you.
Twilio developer evangelist here.
Can I suggest that you set up the event webhook as shown here:
It will send a webhook event to a server of yours for every error or warning that is triggered. You could then build a small service that receives those errors and discards the ones you don't care about and alerts you of ones that do matter.
On top of that, you can change the threshold of the error emails. If you always get 4-5 errors a day, making the alert threshold 6 errors may alert you if something is wrong that you don't expect.
Finally, the errors may be inconsequential, but you might find it easier to try to drive those errors to 0 every day anyway. If they are due to unsubscribed phone numbers, ensure to disable sending messages to those numbers once you detect that they are unsubscribed.

Changing messages on Slack

So I'm attempting to change a message in slack through my slackbot at the end of a chain of events. I'm able to change it for the first few instances, but I'm not able to do the very last one. I'm 99% sure that it is because I have reached the 5 interactions limit since I am indeed going through 5 interactions with the user prior to my final message. If this is the case, is there a way to change a message without server responses? I ask because the last message is simply a thank you message to the user for participating. It doesn't actually require any input from data on the server to accomplish. I feel like I read about doing it somewhere, but for the life of me I cannot find it again. Any help or links would be greatly appreciated!
EDIT: The user is interacting with buttons through interactive messages to respond to some questions. The current method of updating messages are with chat.update and setting "response_type": "ephemeral" within the json params that I am sending.
An alternative method to using chat.update is to simply reply with the message to the request from Slack. This will replace the existing message by default. It has no limit that I am aware of, so it solves your problem.
This works great with slash commands and interactive messages.
See here for more details.

Revulytics data not showing in Dashboard

I am using Revulytics SDK to track feature usage and came across the below problem.
I am sending feature usage after properly setting up the SDK configuration etc, using the EventTrack() method like this:
GenericReturn grTest = telemetryObj.EventTrack("FeatureUsage", textBoxName.Text.ToString(), null, false);
This returns OK and usually, I can see the usage data in the dashboard. However, after multiple tests, the data I am sending does not show up on the dashboard.
Can anyone hint me how to debug this? Thanks for any help!
I hit a similar issue when first working with this SDK.
I was able to address this as soon as I understood the following:
There are event quotas for the incoming events;
Event names are used for making the distinction.
So when I was sending dummy test data, it made it there, but when I sent some demo data for stakeholders, it was not showing up.
I think the same happens here. You're getting the event name form textbox.text... Pretty sure that varies every time you run the code.
Here are the things to keep in mind when testing your code:
the server has a mechanism to discard / consider events;
implicitly, it allows first xx events depending on the quota;
if you are sending more than xx events, they will not show up in reports.
So, you must control which events to discard and which to consider (there are a couple of levels you can configure, and based of them you can get the events in various types of reports).
Find the "Tracked Events Whitelist Management". You will be able to control these things form there.
This blog helped me (it is not SDK documentation): https://www.revulytics.com/blog/getting-started-with-usage-intelligence-part2-event-tracking
Good luck!

A way of logging more info than error ID in Flurry?

I use Flurry 5.4.0 for iOS at the moment and I have a concern about being able to log more information than only an error ID when it comes to the method:
+ (void)logError:(NSString *)errorID message:(NSString *)message error:(NSError *)error;
You might wonder if I'm a bit slow, since there obviously exists a perfect parameter for just that, message:(NSString *)message. Well, unfortunately that message doesn't show up anywhere in the Flurry dashboard, which the Flurry Support Team confirmed in the answer that I got back (2014-08-30):
For error reporting, although you can pass the message in the logError function call - at the moment the dashboard doesn't have the provision to display the error message. This is something that is being considered in the long term feature road-map. Our product team is aware of this, and they would work on it, as a feature request. But, at the moment I do not have a time-line on if/when this would get implemented.
So, I don't really know how to proceed to add more important information "to" my errors. A first unsmart idea was to concatenate the information and send this in the first parameter:
errorID = errorID + errorMessage;
This to at least get the information to Flurry, but that would more or less always create unique error IDs and we would miss the great benefit of separating the errors into different kinds or errors. A really bad idea.
Apart from changing analytics provider I can't figure out a smart way to get hold of the own-created error information. Maybe I should just do that, or how do you add more useful error info to inspect at the Flurry dashboard?
Please feel free to speculate.
I asked the Flurry Team if I could get the message info from any of their ("requestable") open APIs instead and got this reply:
We do not have API that provides the error message. In addition to the errors section be sure to check the Technical -> Errors section. There is an exception log at the bottom that may provide some additional insight into the cause of your crashes.
When checking out the recommended section I found what I have been looking for. The message is located under the sub section called 'Exception Log'. I'd say that it's a bad placement, since it's more obvious to go look for logged errors under a section called 'Errors' than under 'Technical'. Right(?)
Flurry is a nice way to go so I would re frame what you define as an error and evaluate what is more important - getting the information back or getting it back as an error.
Option 1
I would log the events as some sort of sudo error (aka - "A bad thing happened" :) and use the parameters to bring back the additional details you are wanting.
Option 2
It was unclear in your response from the Flurry team if the information is completely unavailable or just not available within their portal/dashboard.
If you download the raw data from Flurry can you see the information you wanted and create your own dashboard as appropriate from that?
Hopefully this is enough speculation to get things flowing for you.

Resources