I use Graylog 3.3.8 and I’d like to send slack notifications with the permalink.
To do so I want to build this string
${foreach backlog message}https://my_domain/messages/${message.index}/${message.id}
I’ve read this documentation Alerts — Graylog 3.3.8 documentation and found “index” in the backlog section!
But when the slack notification is sent, I receive this error message
That is suspicious because message.id is working
How can I get an index from the message to create permalink?
Try to use correct format ${message.index} so $ before {
I wrote in correct format, but for some reason ‘$’ was hidden on this site
Also I put ${message} here http://joxi.ru/Vrw9vjas4LVX52 (it’s forbidden to upload txt files)
to show that index property is not presented.
Hello,
Just chiming in, awhile back I want to do this. I tried your notification configuration out. This works great. Just want to say thanks 
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${event.timestamp}
Message: ${event.message}
Source: ${event.source}
Priority: ${event.priority}
Alert: ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start: ${event.timerange_start}
Timerange End: ${event.timerange_end}
Stream URL: ${event.stream_name}
${if stream_url}Stream URL: ${stream_url}${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
https://graylog.domain.com:9000/messages/${message.index}/${message.id}
User: ${message.fields.TargetUserName}
WorkStation Name: ${message.fields.WorkstationName}
Event Time: ${message.fields.EventReceivedTime}
Source: ${message.source}
Logon Type: ${message.LogonType}
---[backlog end]---------------------------------
${end}
${end}
And I received this.
Glad to hear it helped you!
Which version of graylog do to use?
Just use online editor to format code correctly using ```code``` and read FAQ how to post comments:
https://community.graylog.org/faq
Thanks, I’ve edited the comment, looks good.
Do you post only extract of your message template? Because I don’t see ${end} of forearch loop.
${foreach backlog message}https://my_domain/messages/${message.index}/${message.id}${end}
There is a full template
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
${if backlog}Last messages accounting for this alert:
${foreach backlog message}https://my_domain/messages/${message.index}/${message.id}
${end}${else}<No backlog>
${end}
I don’t know if the message in same line as if can’t create problem, try to format it in separate line as:
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
${if backlog}
Last messages accounting for this alert:
${foreach backlog message}
https://my_domain/messages/${message.index}/${message.id}
${end}
${else}<No backlog>
${end}
No, without ${message.index} part everything is working. I attached screenshot above where your can see that index not exists in message object. I can use message.source, message.id, message.message, but not message.index, because it is not there.
Maybe it’s problem with slack notification. Did you try to use same notification template with Email notification?
I can’t check because I use graylog 4.0.
Maybe it’s been already fixed in newer version of 3.3 (latest is 3.3.12):
https://docs.graylog.org/en/3.3/pages/changelog.html
Best way to test is to download OVA a configure simple setup and test:
https://docs.graylog.org/en/3.3/pages/installation/virtual_machine_appliances.html
Hello,
I use Graylog 4.0.6, I just seen you are using slack. My apologies I over looked that.
Good catch! An email notification is working
I’ll try to update to graylog 4.0 and check than
Thanks!