I didn’t realize the need for a URL in my notification until receiving a large amount of alert emails. Even though I did make configurations to the Notification template and can find who, what, and where something happened, I did find it nice, if need be, to click a link that would take me right to the alert message for greater understanding of what happened. The default settings for HTML only showed the ${event.source_streams}, which would still require me to search, and let it be known, I’m kind of lazy. This started to become a tedious task, so I had to find a simpler way to find/access the messages in Graylog’s Web UI.
I’ve been using this Notification Template since Graylog 3.3 and now I’m using it on Graylog 4.2. The original configuration below is without HTML. This was just the Body Template.
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${event.timestamp}
Message: ${event.message}
Source: ${event.source}
Priority: ${event.priority}
Alert: ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start: ${event.timerange_start}
Timerange End: ${event.timerange_end}
${if stream_url}Stream URL: ${stream_url}${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
User: ${message.fields.TargetUserName}
WorkStation Name: ${message.fields.WorkstationName}
Event Time: ${message.fields.EventReceivedTime}
Source: ${message.source}
Logon Type: ${message.fields.LogonType}
Stream URL: https://graylog.domain.com:9000/messages/${message.index}/${message.id}
---[backlog end]---------------------------------
${end}
${end}
In this next example, I have removed the Stream URL from the Body Template shown above and configured only the HTML Body Template with the Source Stream, as shown below.
<table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1.2"><tbody>
<tr style="line-height:1.5"><th colspan="2" style="background-color:#e6e6e6">Event Definition</th></tr>
<tr><td width="200px">Title</td><td>${event_definition_title}</td></tr>
<tr><td>Description</td><td>${event_definition_description}</td></tr>
<tr><td>Type</td><td>${event_definition_type}</td></tr>
</tbody></table>
<br /><table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1.2"><tbody>
<tr><th colspan="2" style="background-color:#e6e6e6;line-height:1.5">Event</th></tr>
<tr><td width="200px">Timestamp</td><td>${event.timestamp}</td></tr>
<tr><td>Message</td><td>${event.message}</td></tr>
<tr><td>Source</td><td>${event.source}</td></tr>
<tr><td>Key</td><td>${event.key}</td></tr>
<tr><td>Priority</td><td>${event.priority}</td></tr>
<tr><td>Alert</td><td>${event.alert}</td></tr>
<tr><td>Timestamp Processing</td><td>${event.timestamp}</td></tr>
<tr><td>Timerange Start</td><td>${event.timerange_start}</td></tr>
<tr><td>Timerange End</td><td>${event.timerange_end}</td></tr>
<tr><td>Fields</td><td><ul style="list-style-type:square;">${foreach event.fields field}<li>${field.key}:${field.value}</li>${end}</ul></td></tr>
</tbody></table>
${if backlog}
<br /><table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1.2"><tbody>
<tr><th style="background-color:#e6e6e6;line-height:1.5">Backlog (Last messages accounting for this alert)</th></tr>
${foreach backlog message}
<tr><td>User: ${message.fields.TargetUserName}</td></tr>
<tr><td>WorkStation Name: ${message.fields.WorkstationName}</td></tr>
<tr><td>Event Time: ${message.fields.EventReceivedTime}</td></tr>
<tr><td>Source: ${message.source}</td></tr>
<tr><td>Logon Type: ${message.fields.LogonType}</td></tr>
<tr><td>Source Streams: https://graylog.domain.com:9000/messages/${message.index}/${message.id}</td></tr>
${end}
</tbody></table>
${end}
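A small checker for templates like the two above, added here as an example and not part of the original post or of Graylog itself. It flags `${if}`/`${foreach}` blocks that never reach an `${end}`, message fields referenced without `fields.`, and permalinks whose base URL differs from the Graylog web address. The function name `lint_template`, the attribute list and the sample text are assumptions made for this example.

```python
import re

# Assumption: attributes a backlog message exposes directly; everything else
# parsed out of the log line is reached through message.fields.<name>.
MESSAGE_ATTRS = {"id", "index", "source", "message", "timestamp", "stream_ids", "fields"}

TAG = re.compile(r"\$\{([^}]*)\}")
PERMALINK = re.compile(r"(https?://[^\s<\"']+?)/messages/\$\{message\.index\}/\$\{message\.id\}")


def lint_template(template, expected_base):
    """Return a list of (line_number, problem) for a notification template."""
    problems = []
    open_blocks = []  # stack of (line_number, tag) for ${if ...} / ${foreach ...}
    for lineno, line in enumerate(template.splitlines(), start=1):
        for tag in TAG.findall(line):
            word = (tag.split() or [""])[0]
            if word in ("if", "foreach"):
                open_blocks.append((lineno, tag))
            elif word == "end":
                if open_blocks:
                    open_blocks.pop()
                else:
                    problems.append((lineno, "${end} without an open block"))
            elif word.startswith("message."):
                attr = word.split(".")[1]
                if attr not in MESSAGE_ATTRS:
                    problems.append((lineno, "use message.fields.%s" % attr))
        for base in PERMALINK.findall(line):
            if base != expected_base:
                problems.append((lineno, "permalink host %s != %s" % (base, expected_base)))
    for lineno, tag in open_blocks:
        problems.append((lineno, "${%s} is never closed" % tag))
    return problems


# Constructed sample: a shortened backlog section with three deliberate mistakes.
SAMPLE = """${if backlog}
${foreach backlog message}
User: ${message.fields.TargetUserName}
Logon Type: ${message.LogonType}
Stream URL: https://garylog.domain.com:9000/messages/${message.index}/${message.id}
${end}
"""

if __name__ == "__main__":
    for lineno, problem in lint_template(SAMPLE, "https://graylog.domain.com:9000"):
        print("line %d: %s" % (lineno, problem))
```

Running it against a template before saving the notification catches a dead permalink or an empty field before the first alert email goes out.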
Results