Simplify the calculation of the events period in case of a catch up window

Question

Simplify the calculation of the events period in case of a catch up window

Closed this issue a year ago · 1 comments

Due to a Graylog bug (Graylog2/graylog2-server#13061) the current code corresponding to the calculation of the period of the events which triggered a rule is quite complex.
When this Graylog bug will be fixed, it would be nice to simplify this code.

Answer 1 · 2023-09-05T16:31:30.000Z

I've tested with CorrelationCount v5.1.0 and I confirm it triggers alerts as expected in case of a catch up window.
(test: send logs in the future, stop graylog for some minutes, start graylog and check if alerts trigger)