ALERT Event Group By with multiple fields and email backlog

@Latitude41S

Hello and Welcome,

I do not believe you can get two email notifications for each of the fields you stated on one Event Definition; you might have to split them up. You can attach multiple Email notifications to one Event Definition, maybe going to two different groups when the Event Definition is satisfied. I can see that happening.

It’s hard to tell; could you show us in greater detail how you set up your environment?

If those are Syslog fields then maybe something like this would work.

--- [Event Definition] ---------------------------
Title:       ${event_definition_title}
Description: ${event_definition_description}
Type:        ${event_definition_type}
--- [Event] --------------------------------------
Timestamp:            ${event.timestamp}
Message:              ${event.message}
Source:               ${event.source}
Key:                  ${event.key}
Priority:             ${event.priority}
Alert:                ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start:      ${event.timerange_start}
Timerange End:        ${event.timerange_end}
Fields:
${foreach event.fields field}  ${field.key}: ${field.value}
${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
Namespace: ${message.fields.namespace_name}
Container: ${message.fields.container_name}
${end}
${end}

Have you seen this documentation?

Graylog Event Fields