Email Variables to display HOSTNAME, IP, PROCESS, etc.

Hi there.

I’m rather new to Graylog v3, and I am in the midst of setting up email notifications based on EventID, for which I have already set up a few conditions that trigger email alerts.

The email alerts are successfully delivered to my email address; however, in an attempt to customize the email alert, I am unable to figure out how to display parts of the message in the body of the email itself.

I’d like to include the HOSTNAME of the server where the event originated, as well as the process name/path that was part of the trigger (part of the message).

Is this possible?

I’ve tried the following two, but they result in blank output.

Message Source: {message.source} Message: {message.message}

Any help would be appreciated.

Looks like you are missing the $ and fields…

${message.fields.message}
${message.fields.source}

Hi there.

Thanks for the reply. So I have entered both of those variables and the data is blank in the notification.

Here’s the output: https://i.imgur.com/Wy5IZLk.png

Here’s the configuration of the notification window:

##########
Alert Condition Title: ${alertCondition.title}
##########

Source: ${message.fields.source}

Message: ${message.fields.message}

Date: ${check_result.triggeredAt}

Alert Description: ${check_result.resultDescription}

Triggered condition: ${check_result.triggeredCondition}
##########

${if backlog}Last messages accounting for this alert:
${foreach backlog message}${message}

${end}${else}
${end}

I’d like to note that I am logging 3 Windows Server boxes using GELF via UDP if that makes any difference.

I think these need to be encapsulated in the foreach as well. Here is an example working alert I am using that is similar to yours:

${foreach backlog message}
  ${if message.fields.cmg_body}
    TEST-ALERT: ${message.fields.cmg_body}
  ${else}
    TEST-ALERT:  ${message.fields.message}
  ${end}
${end}

${if stream_url}
  Stream URL: ${stream_url}${end}
  ##########

  ${if backlog}
    Last messages accounting for this alert:
    ${foreach backlog message}
      ${message}
    ${end}
  ${else}
    <No backlog>
${end}

So I did that, and all I got was:

Stream URL: Please configure ‘transport_email_web_interface_url’ in your Graylog configuration file.

##########

<No backlog>

You only have access to the fields in the backlog section.

Please re-read the Docs:

http://docs.graylog.org/en/3.0/pages/streams/alerts.html#email-alert-notification

Why is it that I only have access to the fields in the backlog section?

Because it is written that way … if you want to have something else, feel free to check GitHub to see whether your wish has already been submitted as a feature request and, if not, open a new one.

Thanks for your response! I just wanted to make sure it wasn’t me that was doing something wrong. If it’s a limitation to Graylog, I’m cool with that.

Thanks all. Have a good day!
