Graylog Alert Email Callback Variables


(Steven) #1

Hi, I am trying to configure email callback alerts which contain some variables in the body of the email. I have been unsuccessful so far. I understand that you have to enclose your fields in a loop on the backlog object, but I haven’t got the format quite right apparently. The variables in the body of the email show up empty. I have googled for hours and tried many formats that other people have reported to work successfully. I have pasted 2 formats below - one is the default template, and the other is a supposedly working example using the backlog object loop. Please help if my syntax is wrong. Even getting a single variable to show up will be immensely helpful.

Default Template:
Machine: {message.winlogbeat_computer_name} Name: {message.fields.Name}
EventID: {message.fields.EventID} Alert Description: {check_result.resultDescription}
Date: {check_result.triggeredAt} Stream ID: {stream.id}
Stream title: {stream.title} Stream description: {stream.description}
Alert Condition Title: {alertCondition.title} {if stream_url}Stream URL: {stream_url}{end}

Triggered condition: ${check_result.triggeredCondition}
##########

{if backlog}Last messages accounting for this alert: {foreach backlog message}{message} {message.fields.EventID}
{end}{else}
${end}
email_receivers: steven.ochs@cgi.com
sender: graylog@cgi.com
subject: 101 User Logged into Windows online
user_receivers:

Template using backlog object loop:
##########
Alert Description: ${check_result.resultDescription}

Date: ${check_result.triggeredAt}

Stream ID: ${stream.id}

Stream title: ${stream.title}

Stream description: ${stream.description}

Alert Condition Title: ${alertCondition.title}

{if stream_url}Stream URL: {stream_url}

{if backlog}{foreach backlog message} {message.fields.EventID}
{message.fields.TargetUserName} {message.fields.SubjectUserName}
{end}{else}
${end}

Triggered condition: ${check_result.triggeredCondition}
##########

${if backlog}Last messages accounting for this alert:

{foreach backlog message}{message}

{end}{else}
${end}

Thank you!
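Added example, not part of the original post and not Graylog's shipped template: an email callback body in Graylog's `${...}` (JMTE) template syntax. Every tag carries the leading `$`, including `if`, `foreach`, `else` and `end`, and per-message fields are read only inside the `foreach backlog message` loop, where `message` is in scope. Assumptions: the field names are taken from the post and must exist on the stream's messages, and the alert condition's message backlog is set above 0, otherwise the `else` branch renders.

```text
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
Stream ID: ${stream.id}
Stream title: ${stream.title}
Stream description: ${stream.description}
Alert Condition Title: ${alertCondition.title}
${if stream_url}Stream URL: ${stream_url}${end}

Triggered condition: ${check_result.triggeredCondition}
##########

${if backlog}Last messages accounting for this alert:
${foreach backlog message}
Source: ${message.source}
Timestamp: ${message.timestamp}
Machine: ${message.fields.winlogbeat_computer_name}
EventID: ${message.fields.EventID}
TargetUserName: ${message.fields.TargetUserName}
SubjectUserName: ${message.fields.SubjectUserName}

${end}${else}<No backlog>
${end}
```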

