Hi there, pretty new to graylog but I’m trying to figure out how I can more information into an alert. I’ve created the condition that fires on the string ‘logged on’ but I want the entire message to appear that shows me the user who’s logged on as that appears in the message. I have tried a few things following the docs but neither give the desired result.
Any help greatly appreciated.
Many thanks
Will
What have you been trying so far, what did you expect, and what was the actual result?
Also see http://docs.graylog.org/en/2.4/pages/streams/alerts.html#email-alert-notification for details about the email alert notifications.
Hi, I’ve tried adding check_result.triggeredCondition and message.fields.full_mesaage. What I was hoping that would show me is the entire message in the email so not only can I see a login function it also states who.
Thanks
Will
Where and how exactly?
In the alert configuration section:
##########
Alert Description: {check_result.resultDescription}
Date: {check_result.triggeredAt}
Stream ID: {stream.id}
User: {check_result.triggeredCondition}
Info:{message.fields.full_message}
Stream title: {stream.title}
Stream description: {stream.description}
Alert Condition Title: {alertCondition.title}
{if stream_url}Stream URL: {stream_url}${end}
Triggered condition: ${check_result.triggeredCondition}
##########
The alert triggers as per conditions but I want to get more information in the alert.
Thanks
Will
As described in the documentation I’ve linked to in my previous post, the message object is only available when iterating over the backlog collection.
Additionally, message.fields.full_message refers to the “full_message” field of a message, which is probably not what you want.
OK, so at the risk of sounding rude here and this is not my intention, what do i need to add in to get the information I’m after in the alert? Or is that even possible as the documentation isn’t exactly clear as to what each element provides.
Thanks
The documentation writes this:
backlog
A list of message objects. Can be used to iterate over the messages via foreach.
message (only available via iteration over the backlog object)
The message object has several fields with details about the message. When using the message object without accessing any fields, the toString() method of the underlying Java object is used to display it.
Additionally, the (working) default template for the email alert callback is as follows:
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
Stream ID: ${stream.id}
Stream title: ${stream.title}
Stream description: ${stream.description}
Alert Condition Title: ${alertCondition.title}
${if stream_url}Stream URL: ${stream_url}${end}
Triggered condition: ${check_result.triggeredCondition}
##########
${if backlog}Last messages accounting for this alert:
${foreach backlog message}${message}
${end}
${else}<No backlog>
${end}
Take note of the iteration over the backlog collection with foreach.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.