i’ve created an alert rule from collection and changed the value from emergency to warning. i’ve connected these rule to a device (10.1.7.100) and to a alert template.
when i login with failure credentials i see the error in the syslog table in librenms, but no email alert coming.
syslog.timestamp >= “macros.past_5m” AND syslog.priority = “warning”
Screenshots of my Config
Have you configured alert transports and alert templates?
Yes, alert transport and alert templates are configured.
In the alert transport section click the button to test your transport.
Also please post your ./validate.php
You need to put backticks around the macro. Right now it is checking the date against a plain string and it will always fail.
1 February 2019 13:27
There is a bug in the builder
I had the same problem a few days ago, basically I think “macros.past_5m” shouldn’t be in quotes, for some reason the GUI adds it.
When creating the alert, I just chose Import from old syntax, and put in the query like this,
syslog.timestamp >= macros.past_5m AND syslog.msg REGEXP ".segfault."
My query does have a timestamp with the output of %value.string but no way to pull it out separately that i can find. Perhaps this is configurable on either syslog or the box itself. The only other way …
as a work around enclose
` around so it looks like this
`macros.past_5m` , Or use my suggestion in the other thread.
I also don’t think you want to use delay, try
Thank you, and thanks to murrant.
The backticks do the trick.