Email Variabls to display HOSTNAME, IP, PROCESS, etc

CrazyCDN · June 17, 2019, 4:42pm

Hi there.

I’m rather new to Graylog v3, and I am in the midst of setting up email notifications based on EventID, which I have set up a few conditions already that trigger email alerts.

The email alerts are successfully delivered to my email address, however in attempt to customize the email alert, I am unable to figure out how to display parts of the message in the body of the email itself.

I’d like to include the HOSTNAME of the server of where the event originated, as well as the process name/path that was part of the trigger (part of the message)

Is this possible?

I’ve tried the following two, but it results in a blank output.

Message Source: {message.source} Message: {message.message}

Any help would be appreciated.

tmacgbay · June 17, 2019, 4:51pm

Looks like you are missing the $ and fields…

${message.fields.message}
${message.fields.source}

CrazyCDN · June 17, 2019, 7:34pm

Hi there.

Thanks for the reply. So I have entered in both of those variables and the data is blank in the notification.

Here’s the output: https://i.imgur.com/Wy5IZLk.png

Here’s the configuration of the notification window:

##########
Alert Condition Title: ${alertCondition.title}
##########

Source: ${message.fields.source}

Message: ${message.fields.message}

Date: ${check_result.triggeredAt}

Alert Description: ${check_result.resultDescription}

Triggered condition: ${check_result.triggeredCondition}
##########

${if backlog}Last messages accounting for this alert:
${foreach backlog message}${message}

${end}${else}
${end}

I’d like to note that I am logging 3 Windows Server boxes using GELF via UDP if that makes any difference.

tmacgbay · June 17, 2019, 9:13pm

I think these need to be encapsulated in the foreach as well. Here is an example working alert I am using that is similar to yours:

${foreach backlog message}
  ${if message.fields.cmg_body}
    TEST-ALERT: ${message.fields.cmg_body}
  ${else}
    TEST-ALERT:  ${message.fields.message}
  ${end}
${end}

${if stream_url}
  Stream URL: ${stream_url}${end}
  ##########

  ${if backlog}
    Last messages accounting for this alert:
    ${foreach backlog message}
      ${message}
    ${end}
  ${else}
    <No backlog>
${end}

CrazyCDN · June 17, 2019, 9:52pm

So I did that, and all I got was:

Stream URL: Please configure ‘transport_email_web_interface_url’ in your Graylog configuration file.

##########
<No backlog>

jan · June 18, 2019, 10:34am

you only have access to the fields in the backlog section

Please re-read the Docs:

http://docs.graylog.org/en/3.0/pages/streams/alerts.html#email-alert-notification

CrazyCDN · June 18, 2019, 1:29pm

Why is it that I only have access to the fields in the backlog section?

jan · June 18, 2019, 1:55pm

Why is it that I only have access to the fields in the backlog section?

because it is written in that way … if you want to have something else, feel free to check Github if your wish is already given as feature request and if not, open a new.

CrazyCDN · June 18, 2019, 2:09pm

Thanks for your response! I just wanted to make sure it wasn’t me that was doing something wrong. If it’s a limitation to Graylog, I’m cool with that.

Thanks all. Have a good day!

system · July 2, 2019, 2:09pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Displaying GELF Windows Event Log fields into the alert notification Graylog Central (peer support)	2	1446	June 8, 2018
Adding source message to Notification Graylog Central (peer support)	2	1911	December 6, 2019
Alert email format Graylog Central (peer support)	12	2515	September 18, 2020
How to make my email alerts more descriptive? Graylog Central (peer support)	5	5086	May 21, 2020
Add the event source to the subject of an email notification Graylog Central (peer support)	8	4328	December 18, 2019

Email Variabls to display HOSTNAME, IP, PROCESS, etc

Related topics