Hello,
I’m using graylog 2.2.3 and collecting syslog messages into graylog.
Also I want to send message content and source with alert notification email body.
The followings are my alert email template and dropped email.
The question is why i can not see any message related field in dropped email?
I’m using “Field Content Alert Condition”
EMAIL TEMPLATE
##########
Alert Description: {check_result.resultDescription}
Date: {check_result.triggeredAt}
Stream ID: {stream.id}
Stream title: {stream.title}
Stream description: {stream.description}
Alert Condition Title: {alertCondition.title}
{if stream_url}Stream URL: {stream_url}${end}
Triggered condition: ${check_result.triggeredCondition}
##########
{if backlog}Last messages accounting for this alert:
{foreach backlog message}
Message: {message.message}
Source: {message.source}
Full Message: {message.fields.full_message}
{end}{else}<No backlog>
{end}
DROPPED EMAIL
##########
Alert Description: Stream received messages matching message:“down” (Current grace time: 0 minutes)
Date: 2017-07-08T21:11:22.582Z
Stream ID: 595f8ec7651b3f3156838478
Stream title: DOWN-UP Stream
Stream description: Down-Up Streams
Alert Condition Title: Down Alert
Stream URL: Please configure ‘transport_email_web_interface_url’ in your Graylog configuration file.
Triggered condition: 0433d41b-b068-4d8c-b44b-96638b42067f:field_content_value={field: message, value: down, grace: 0, repeat notifications: false}, stream:={595f8ec7651b3f3156838478: “DOWN-UP Stream”}
##########
