Alert Conditions¶
An alert condition determines whether an alert is triggered. The result of a condition is sent to an alert notification for sending to remote systems.
In Graylog alerting is based on searches and typically includes a list of messages that lead to the alert. However nothing prevents user code to query other systems than Elasticsearch to produce alerts.
Class Overview¶
The central interface is org.graylog2.plugin.alarms.AlertCondition
which is also the type that a plugin module must register using org.graylog2.plugin.PluginModule#addAlertCondition
.
Alert conditions are configurable at runtime and thus need a corresponding org.graylog2.plugin.configuration.ConfigurationRequest
.
Like many other types they also require a org.graylog2.plugin.alarms.AlertCondition.Descriptor
for displaying information about the alert condition.
Typically you will not implement AlertCondition
directly, but instead use org.graylog2.alerts.AbstractAlertCondition
which handles the configuration persistence for you automatically and implements two helper to provide the result of a condition check.
Example¶
Please refer to the sample plugin implementation for the full code.
Bindings¶
Compare with the code in the sample plugin.
public class SampleModule extends PluginModule {
@Override
public Set<? extends PluginConfigBean> getConfigBeans() {
return Collections.emptySet();
}
@Override
protected void configure() {
addAlertCondition(SampleAlertCondition.class.getCanonicalName(),
SampleAlertCondition.class,
SampleAlertCondition.Factory.class);
}
}
User Interface¶
Alert conditions have no special user interface elements.