Hello,
I’ve GrayLog 2.4 working as expected but I need to customize the E-Mail subject in order to get the below desired setup,
I want to Include only the Source, Conditions’ Tile & Device Host-name highlighted below.
Ex. 10.15.2.22 | RMS-SW-S9306-03 | LoopDetected
Below is a SNAP from the email received on the outlook.
SNAP of Conditions’ Title.
Thanks!
Graylog 2.4 is way back there… making public support for your question more difficult…
Hello tmacgbay,
First of all, thanks for your response, actually I think this is a general request and I don’t mind if you share your inputs on a newer version and I’ll try to map it to my version.
I mean it’s just a Subject customization issue.
good point - here is a previous post i did a search for (…) that has the detail you need… read beyond my post as I was slightly wrong in it…
Hello shoothub,
I’m really grateful for your reply, I could now see the source & the condition title in the subject of the email.
Using the below code:
Graylog Alert || Device IP: ${foreach backlog message}${message.source}${end} || ${alertCondition.title}
Can you share with me if it is possible to have the Hostname which is included in the message, to have it as well in the subject.
SNAP with sample Hostname highlighted.
Thanks,
It’s possible if you have extracted Hostname in separate field. After that you can use:
${foreach backlog message}${message.fields.hostname}${end}
Replace hostname with field which contains your Hostname.
How to extract it in a separate field ?
Use extractor or pipeline rule.
https://docs.graylog.org/en/3.3/pages/extractors.html
https://docs.graylog.org/en/3.3/pages/pipelines.html
Hello shoothub,
Thanks for your feedback, actually I’m new to the Graylog.
I went through the above docs but unfortunately didn’t get the best way to extract the hostname.
Here is a sample from the messages I receive on the graylog. All are the same structure.
DATE TIME HOSTNAME THE MESSAGE
I need to extract the highlighted hostname, so please if you can feedback with steps I’ll be appreciated.
Thanks,
Try to use this GROK extractor (grok pattern) for message field:
%{MONTH} +%{MONTHDAY} %{YEAR} %{TIME} %{HOSTNAME:hostname}
And check Named captures only
This way you extract only hostname to field hostname.
Many thanks for your feedback, I could now see the hostname extracted from the message.
But when I try to use it in the subject I get the below error.
This is what I used to send the notification.
${foreach backlog message}${message.hostname}${end}
Correct one will be (sorry for previous post, editor broke some characters):
${foreach backlog message}${message.fields.hostname}${end}
Actually I’m truly grateful for your kind help, it’s now working fine.
Am sharing my used code below to help others, and if you’ve any concerns or you see any issue can affect the performance or need to add anything it’ll be appreciated.
Subject:
Graylog Alert || {foreach backlog message}{message.fields.hostname}{end} || {alertCondition.title}
E-Mail Body
GrayLog Alert
############
{foreach backlog message}
*** Source Device ***
{message.fields.hostname}
${message.source}
*** Log Message ***
${message.fields.message}
*** Alert Time ***
{message.timestamp}
{end}
Other Details
Alert Description: {check_result.resultDescription}
Date: {check_result.triggeredAt}
Stream ID: {stream.id}
Stream title: {stream.title}
Stream description: {stream.description}
Alert Condition Title: {alertCondition.title}
{if stream_url}Stream URL: {stream_url}{end}
Triggered condition: {check_result.triggeredCondition}
Thanks
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
