Does any one know the syntax to add the Alert Description shown on the Alerts & Events Page to the notifications. Essentially I’m doing Aggregation Alerts and the alert description shows the exact information I need.
It would be great if this is possible, thank you in advance for your help.
Hello,
actually good Idea. I was unable to make that happen.
Maybe looking here or posting for a feature requests.
EDIT: Just to be clear you want this section,
To be shown in this section?
Thanks for the response gsmith,
Sorry for the late response I was out of the office for a minute.
The description is from the main alerts page. (ie. “https://mygraylogserver.com/Alerts”)
Then I would like to show that value in the body of the Notification for the alert.
I have an alert that will fire when a user tries to login to something X number of times. If I send the message backlog it doesn’t show me the info I need in the alert (its just sends the most recent logs which aren’t what fired the alarm). Basically User X has attempted to login 500 times, similar to the mass file deletions listed in the first screen shot.
Thanks again gsmith
Hello,
Correct me if I’m wrong you want the description from the first picture into your Notification.
The ${event_definition_title} will show the Alert.
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Here is my default Notification configuration.
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${event.timestamp}
Message: ${event.message}
Source: ${event.source}
Key: ${event.key}
Priority: ${event.priority}
Alert: ${event.alert}
Streams: ${event.streams}
Source Stream: ${event.source_streams}
Timerange Start: ${event.timerange_start}
Timerange End: ${event.timerange_end}
Fields:
${foreach event.fields field} ${field.key}: ${field.value}
${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
${message}
${end}
${end}
Edit:
Here is example of my Alert in the web UI.
Here is example on a received email. I believe in the red box is what you wanted. That would be this section of the Notification template Message: ${event.message}
Hope that helps.
Yes that looks like what I want I set it and will wait for an alert to fire to verify it, im a little dissapointed in myself that I didn’t see that.
100% that was it!!
Thanks so much gsmith.
No problem, Glad I can help @tfpk
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
