Hi All,
I have some custom fields which have been added to event messages.
I want to use the slack alert plugin to create a custom message with the fields in it.
Having looked at the documentation at http://docs.graylog.org/en/2.3/pages/streams/alerts.html#email-alert-notification as well as the forum post here at Email Notification - full_message, it states that I need to use a foreach statement to iterate over the backlog object.
Therefore, if I have two fields called event_name and event_severity, I want to create a message similar to the one below.
########################
Dear Sirs,
We have received an alert for your organisation, the details are below:-
Alert Description: ${check_result.resultDescription}
{if backlog}Last messages accounting for this alert: {foreach backlog message}${message}
Event Name: message.fields.event_name
Event Severity: message.fields.event_severity
Full Message of the Alert
message.fields.full_message
{end}{else}
${end}
Kind Regards
Company XXXX
#############
Have I understood how the module works? Does the backlog object just contain one message when set to ‘1’?
How does the backlog object work when this is the first alert of its kind?
Kind Regards
Jake Smith