Custom notification variables

You have to setup number of backlog to 1: in Alerts - Event Definitions - tab Notifications and field Message Backlog , tick the checkbox and set 1.

Message backlog define number of messages to be included in Notifications.

Source in default template for notification use {event.source}, which is source of event, not a source device.

If you want device source included in notification message use:
${foreach backlog message}${message.source}${end}

If you want to use user field (for example: src_ip) use {$message.fields.src_ip} :
${foreach backlog message}${message.fields.src_ip}${end}

For example I use this message text after somebody connect to switch:
{foreach backlog message} Source device: {message.source} Username: {message.fields.username} IP: {message.fields.src_ip} ${end}

You can also use same technique in message subject, for example I use this:
User ${foreach backlog message}${message.fields.username}${end} connected to switch ${foreach backlog message}${message.source}${end} from IP ${foreach backlog message}${message.fields.src_ip}${end}

Hope it helps.