Hello!
If I don’t use aggregation in my Event Defenition, can i use all fields from message when create a template for new field for Event Defenition. If I can, how I should make a template? Give me an example please
I assume that you are working with Notification template. If you want to show data from messages you need to aggregate them first in Event Definition. In section “Filter & Aggregation” aggregate by count() without choosing any field. This will cause that object “backlog” will contain messages when sending Notification and you will have access to fields of each message.
Here you can find examples:
https://docs.graylog.org/en/4.0/pages/alerts.html#alert-notification
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.