Message.source field as variable in alert

Hi All,

I’m pulling my hairs out to find any possibility to add the message.source field as a variable to alerts. I’m using zenoss for monitoring my devices and would like to trigger an event if the message includes a substring. To achieve that I have to send an email alert with the sender address anything@message.source. I also tried to get the surce field in the alter body and sending it to an HTTP API but unfortunately also without any luck.

If some one could point me into the right direction how to add the message.source field to a HTTP alarm callback that would be great. Any hint is appreciated.

Thanks in advance and greetings from Berlin, Germany.

BTW: Graylog rules! :slight_smile:

I don’t think you can actually use the message source as a template variable in the send-to address for email alerts, I’m not entirely sure what you need to accomplish, so explain it to me like I’m 5 - what do you need to have happen when an alert is triggered?

Thanks for your answer.

Well…I’m trying to explain :wink:

I would like to forward alarms to my monitoring system (Zenoss) via email. Zenoss indentifies the device for which it received the alarm by stripping the right part of the receipient address (e.g. @ or @FQDN).

So in short: I’m looking for a possibility to forward an alarm via email and need to add the device IP address or hostname to the receipient email address.

Just a quick update.

Found another solution: installed graylog-http-plugin, started a small HTTP API server to receive the alert. Works perfectly but unfortunately the plugin don’t add the source device to the HTTP call :frowning:

And finally I modified the plugin and everything works as desired.

Anyway…thanks for your feedback!

Go go gadget open source! :smiley:

Glad to see you have it working!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.