- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In my environment, I am building search head clustering consisting of three search heads and one deployer.
In addition, I am using an alert that sends mail individually with the "map" command and "sendmail" command for logs that meet certain conditions.
However, as a result of checking this morning, only one alert was caught, and even though the result was one line, two mails were sent.
When I checking the internal logs, the logs below were issued in the internal logs of the two search heads at approximately the same timing (deviation of about 0.4 seconds).
"INFO sendemail:128 - Sending email..."
From this I thought that the same search ran for the two search heads.
Is there a workaround for this phenomenon?
Also, are "sendmail" and "map" commands not recommended in clustering?
And Is there a possibility that it is the cause?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
メールサーバ側(たとえば、Syslog) で、きちんとリクエストが来ているかという観点でのチェックも必要ですね。
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ご回答いただきありがとうございます。
アラートが二重で動作していたことが原因でした…
jobを確認したらすぐにわかりました。
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MAPコマンドもsendmailコマンドもクラスタ環境で問題なく動くと思います。JOBの重複起動やデータの重複が原因ではないですか?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ご回答いただきありがとうございます。
ご指摘のとおりアラートが二重で動いていたことが原因でした。
