event processor report compile issues, alert creation has scaled from a few a week to 3000+ #1782
Description
Acknowledgements
- I have searched (https://github.com/utmstack/UTMStack/issues) for past instances of this issue
- I have verified that my UTMStack version is up-to-date
Describe the bug
alert creation is creating multiple identical alerts covering days of logs since start of week, checked cpu eventprocessor is ~100% of cpu and in logs its constantly erroring on compile issues
tried clearing rules and stop start eventproceeor downloads new files then resumes this error
❌ {"timestamp":"2026-02-06T15:54:59.832847042Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":39},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":45},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":52},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":59},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":66}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.8330836Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":18},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":24},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":31},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":38}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.835324411Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":18},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":24},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":31},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":38}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.835670536Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":5},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":11}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.837145233Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":39},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":45},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":52},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":59},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":66}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.837958501Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":5},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":11}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.840651205Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":18},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":24},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":31},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":38}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.843338668Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":39},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":45},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":52},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":59},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":66}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.843969137Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":18},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":24},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":31},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":38}],"process":"plugin_analysis"},"severity":"ERROR"}
❌ {"timestamp":"2026-02-06T15:54:59.844009808Z","code":"3e12416d4b71899d837868131d64b945","msg":"failed to compile expression","cause":"consult issues list for more information","args":{"issues":[{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":5},{"Location":{},"Message":"found no matching overload for '_==_' applied to '(double, int)'","ExprID":11}],"process":"plugin_analysis"},"severity":"ERROR"}
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
single alert covering an issue such as successful login after failure
Current Behavior
~30 alerts for each event
Reproduction Steps
not sure this was a running system running v11.2.1-community, have stopped and updated and is running v11.2.2-community
Possible Solution
No response
Additional Information/Context
No response
UTMStack Version
11.2.2
Operating System and version
Ubuntu 24.04.3 LTS
Hypervisor and Version | Server Vendor and Model
vmware 8
Browser and version
Firefox 147.0.2