I tried to read all the posts about the mentioned topic, and the suggested solution in some of them is NOT working:
For example, for a field named query_answer_IP, use as the alert title/email subject “MISP Match - PiHole DNS: ${foreach backlog message}${message.fields.query_answer_IP}${end}”.
The strange thing is that the definition is working for the email body (the IP 200.98.255.192 is the value of the query_answer_IP in this example), but not for the subject of the email.
Does anybody know if there is another way to do this?
Reviewing the feature requests that are similar to the mentioned feature, I think this one is similar to what I’m asking, and is still open:
I have not been able to configure any type of Macro in the Title of an Event Definition and/or Notification Title for an email that would represent a hostname, username, etc…
You could configure your notification to represent what you want to see. Maybe using the Aggregation settings in your Event Definitions.
The only thing that I can think of to put the value of a field in the subject of an email is to use the HTTP Notification on Graylog, and make a webhook to get the information of the alert with an automation tool, and send the email with that, but I think that the feature that we are talking about is pretty simple to be available at Graylog. Sadly, I’m not a developer.
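The webhook workaround described in the post above, as an added example that is not part of the original thread and is not Graylog's own code: a Python function that takes the JSON body of an HTTP Notification and builds an email whose subject carries the values of a backlog field. The payload shape (`event_definition_title`, `backlog[].fields`), the addresses and the sample data are assumptions constructed for illustration, and the backlog is assumed to be enabled on the event definition.

```python
import json
from email.message import EmailMessage

# Constructed sample body of an HTTP Notification (shape assumed, trimmed).
SAMPLE_PAYLOAD = json.dumps({
    "event_definition_title": "MISP Match - PiHole DNS",
    "backlog": [
        {"message": "constructed line 1", "fields": {"query_answer_IP": "200.98.255.192"}},
        {"message": "constructed line 2", "fields": {"query_answer_IP": "200.98.255.192"}},
        {"message": "constructed line 3", "fields": {"query_answer_IP": "198.51.100.7\r\nX-Test: 1"}},
        {"message": "constructed line 4", "fields": {}},
    ],
})

def clean_header_value(value, limit=64):
    """Field values originate in logged traffic, so treat them as untrusted:
    drop non-printable characters (CR/LF would inject headers) and cap length."""
    return "".join(ch for ch in str(value) if ch.isprintable())[:limit]

def field_values(payload, field):
    """Unique, cleaned values of `field` across the backlog, in first-seen order."""
    seen = []
    for entry in payload.get("backlog") or []:
        raw = (entry.get("fields") or {}).get(field)
        if raw is None:
            continue
        value = clean_header_value(raw)
        if value and value not in seen:
            seen.append(value)
    return seen

def build_email(body_json, field, sender, recipient):
    """Turn one webhook body into an EmailMessage with the field in the subject."""
    payload = json.loads(body_json)
    title = clean_header_value(payload.get("event_definition_title", "Graylog alert"))
    values = ", ".join(field_values(payload, field)) or "no " + field
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = title + ": " + values
    lines = [entry.get("message", "") for entry in payload.get("backlog") or []]
    msg.set_content("\n".join(lines))
    return msg

if __name__ == "__main__":
    print(build_email(SAMPLE_PAYLOAD, "query_answer_IP",
                      "graylog@example.org", "soc@example.org")["Subject"])
```

The returned message can be handed to `smtplib.SMTP.send_message` from whatever small HTTP service receives the notification.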