I use Graylog 3.3.8 and I’d like to send slack notifications with the permalink.
To do so I want to build this string
${foreach backlog message}https://my_domain/messages/${message.index}/${message.id}
I’ve read this documentation Alerts — Graylog 3.3.8 documentation and found “index” in the backlog section!
But when the slack notification is sent, I receive this error message
That is suspicious because message.id is working
How can I get an index from the message to create permalink?
Try to use correct format ${message.index} so $ before {
I wrote in correct format, but for some reason ‘$’ was hidden on this site
Also I put ${message} here http://joxi.ru/Vrw9vjas4LVX52 (it’s forbidden to upload txt files)
to show that index property is not presented.
Hello,
Just chiming in, awhile back I want to do this. I tried your notification configuration out. This works great. Just want to say thanks 
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${event.timestamp}
Message: ${event.message}
Source: ${event.source}
Priority: ${event.priority}
Alert: ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start: ${event.timerange_start}
Timerange End: ${event.timerange_end}
Stream URL: ${event.stream_name}
${if stream_url}Stream URL: ${stream_url}${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
https://graylog.domain.com:9000/messages/${message.index}/${message.id}
User: ${message.fields.TargetUserName}
WorkStation Name: ${message.fields.WorkstationName}
Event Time: ${message.fields.EventReceivedTime}
Source: ${message.source}
Logon Type: ${message.LogonType}
---[backlog end]---------------------------------
${end}
${end}
And I received this.
Glad to hear it helped you!
Which version of graylog do to use?
Just use online editor to format code correctly using ```code``` and read FAQ how to post comments:
https://community.graylog.org/faq
Thanks, I’ve edited the comment, looks good.
Do you post only extract of your message template? Because I don’t see ${end} of forearch loop.
${foreach backlog message}https://my_domain/messages/${message.index}/${message.id}${end}
There is a full template
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
${if backlog}Last messages accounting for this alert:
${foreach backlog message}https://my_domain/messages/${message.index}/${message.id}
${end}${else}<No backlog>
${end}
I don’t know if the message in same line as if can’t create problem, try to format it in separate line as:
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
${if backlog}
Last messages accounting for this alert:
${foreach backlog message}
https://my_domain/messages/${message.index}/${message.id}
${end}
${else}<No backlog>
${end}
No, without ${message.index} part everything is working. I attached screenshot above where your can see that index not exists in message object. I can use message.source, message.id, message.message, but not message.index, because it is not there.
Maybe it’s problem with slack notification. Did you try to use same notification template with Email notification?
I can’t check because I use graylog 4.0.
Maybe it’s been already fixed in newer version of 3.3 (latest is 3.3.12):
https://docs.graylog.org/en/3.3/pages/changelog.html
Best way to test is to download OVA a configure simple setup and test:
https://docs.graylog.org/en/3.3/pages/installation/virtual_machine_appliances.html
Hello,
I use Graylog 4.0.6, I just seen you are using slack. My apologies I over looked that.
Good catch! An email notification is working
I’ll try to update to graylog 4.0 and check than
Thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.