Email Alert Notification

Greetings Team,

I have configured the email-based alert notification, but the email I am getting is not as expected. Below is the configuration…

Email Body Template:

--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${message.fields.timestamp}
Source: ${message.fields.Device_Name}
Severity: ${message.fields.Severity}
Message_Code: ${message.fields.Message_Code}
Message: ${message.fields.Message}
Priority: ${event.priority}
Alert: ${event.alert}
Fields: ${message.message}
${foreach event.fields field} ${field.key}: ${field.value}
${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message} ${message}
${end}
${end}

Event Filter (Search Query):

=============================================
Below is the email I am getting:
--- [Event Definition] ---------------------------
Title: Alerts_For_Critical_Alarms
Description:
Type: aggregation-v1
--- [Event] --------------------------------------
Timestamp:
Source:
Severity:
Message_Code:
Message:
Priority: 3
Alert: true
Fields:

You haven’t said what you are expecting, but I assume you are wondering why there is no backlog included.

Check your event definition which triggers this notification.
In the notification section of the event definition, make sure you have enabled the backlog and set it to include at least 1 message.

Hey, thanks for your prompt response…
Below is the event definition I have configured:

Filter & Aggregation

Type: Filter
Search Query: Severity:(1 OR 2 OR 3)
Streams: All messages
Search within: 1 minutes
Execute search every: 1 minutes
Enable scheduling: yes

Let me know what needs to change in the email body settings…

You still haven’t said what you’re expecting to see, so I don’t know what should be changed in the email body.

The email notification that I am receiving from Graylog is as below. It does not contain the required information; for example, I want to get info related to source, severity, message_code, etc. in the email notification…

--- [Event Definition] ---------------------------
Title: Alerts_For_Critical_Alarms
Description:
Type: aggregation-v1
--- [Event] --------------------------------------
Timestamp:
Source:
Severity:
Message_Code:
Message:
Priority: 3
Alert: true
Fields:

Okay, looking over the email body again, you are trying to use values within the $message object.
You can only do that while iterating over the backlog, see the following documentation:
https://docs.graylog.org/en/3.3/pages/alerts.html#data-available-to-notifications
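An email body template following the advice above, as an added example that is not part of the original posts: the per-message fields are read inside the `${foreach backlog message}` loop, where `message` is defined. It assumes the message backlog is enabled in the notification section of the event definition and that the indexed messages carry the fields named in the question (`Device_Name`, `Severity`, `Message_Code`, `Message`).

```text
--- [Event Definition] ---------------------------
Title:       ${event_definition_title}
Description: ${event_definition_description}
Type:        ${event_definition_type}
--- [Event] --------------------------------------
Timestamp:   ${event.timestamp}
Priority:    ${event.priority}
Alert:       ${event.alert}
Fields:
${foreach event.fields field}  ${field.key}: ${field.value}
${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
Timestamp:    ${message.timestamp}
Source:       ${message.fields.Device_Name}
Severity:     ${message.fields.Severity}
Message_Code: ${message.fields.Message_Code}
Message:      ${message.fields.Message}

${end}
${end}
```

If the backlog size is left at 0, the `${if backlog}` block renders nothing and the email will again show only the event definition and event sections.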
