How to use event definition description to send an alert to slack

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
Hello, guys.
I tried to add description of event for vizualising it in the slack’s alert.
I used Event Definition Metadata which I found here Alerts
But there was nothing in my alert. Screenshots of my workflow in 3rd point

2. Describe your environment:

  • OS Information:
    5.0.10+40c8c33, codename Noir
  • Package Version:
    5.0.10+40c8c33, codename Noir
  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Looks good to me. Can you run it again with debug logs turned on? That will log the template and data that is being used to generate the message. Maybe that will shed some light.

Hello. Can give it you using only WEB interface? I have’t an access to server via console

You can set log level in the UI on the system/logging screen.

Unfortunately, I don’t have option “Cluster support Bundle” like you send on screenshot before

Ignore that. I am referring to the dropdown next to Subsystem: Graylog. Currently showing info - switch that to debug.

I did. What I should to do after?

Search the log for a message like
customMessage: template = {} model = {}

The placeholders will be replaced by your data. Hoping that will provide a clue.

Unfoturnately, nothing. What i’m doing wrong?

Also I’ve tried to find like this

Sorry, I am referring to Graylogs server logs, not the ingested log messages.

oh, do I to see them it in graylog servel log wich exist on the path ?

/var/log/graylog-server/server.log

yes - that’s what I meant

I’ve got a logs. From all of ours servers. But there is about 1Gb. Which messages I should find?

Search the log for a message like
customMessage: template = {} model = {}
The placeholders will be replaced by your data. Hoping that will provide a clue.

Nothing

My mistake - the {} are actually the placeholders that get replaced.
Does a search for just customMessage: turn up anything?

Unfortunately, nope

There was two messages which I’ve send to my #test-notify channel. Below, all what I’ ve found:

OK, that wasn’t helpful.
Please do another search for this debug output: the custom message model data is