Including message contect into alert notification email


(Bayram Karagoz) #1

Hello,

I’m using graylog 2.2.3 and collecting syslog messages into graylog.
Also I want to send message content and source with alert notification email body.
The followings are my alert email template and dropped email.
The question is why i can not see any message related field in dropped email?

EMAIL TEMPLATE

##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
Stream ID: ${stream.id}
Stream title: ${stream.title}
Stream description: ${stream.description}
Alert Condition Title: ${alertCondition.title}
${if stream_url}Stream URL: ${stream_url}${end}

Triggered condition: ${check_result.triggeredCondition}
##########

${if backlog}Last messages accounting for this alert:
${foreach backlog message}
Message: ${message.message}
Source: ${message.source}
Full Message: ${message.fields.full_message}
${end}${else}<No backlog>
${end}

DROPPED EMAIL

##########
Alert Description: Stream received messages matching <message:"down"> (Current grace time: 0 minutes)
Date: 2017-07-08T21:11:22.582Z
Stream ID: 595f8ec7651b3f3156838478
Stream title: DOWN-UP Stream
Stream description: Down-Up Streams
Alert Condition Title: Down Alert
Stream URL: Please configure 'transport_email_web_interface_url' in your Graylog configuration file.

Triggered condition: 0433d41b-b068-4d8c-b44b-96638b42067f:field_content_value={field: message, value: down, grace: 0, repeat notifications: false}, stream:={595f8ec7651b3f3156838478: "DOWN-UP Stream"}
##########

<No backlog>

Thanks for your help


(Jochen) #2

What’s the exact alert condition you’re using?


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.