Displaying GELF Windows Event Log fields into the alert notification

Hello all,

I’m sending some Windows event logs to Graylog via GELF / NXLOG. Everything is OK.
I’m trying to create an email notification and display some of the fields of the event log message, but I couldn't.

Here is my basic config example. Could you help me find the correct syntax? Thanks in advance.


##########
Alert Description: ${check_result.resultDescription} Date: ${check_result.triggeredAt}
Stream ID: ${stream.id} Stream title: ${stream.title}
Stream description: ${stream.description} Alert Condition Title: ${alertCondition.title}
${if stream_url}Stream URL: ${stream_url}${end}

Triggered condition: ${check_result.triggeredCondition}
##########

${if backlog}Last messages accounting for this alert: ${foreach backlog message}${message}

EVENT ID: $${message.fields.EventID} . # I had to type the dollar sign twice
TARGET USER NAME: $${message.fields.TargetUserName} # I had to type the dollar sign twice

${end}${else}
${end}

Check out Java Minimal Template Engine for a general manual about the template language used for the email templates and http://docs.graylog.org/en/2.4/pages/streams/alerts.html#email-alert-notification for specifics, such as the available variables in the Graylog email templates.

See FAQ - Graylog Community.
