I’m pulling my hairs out to find any possibility to add the message.source field as a variable to alerts. I’m using zenoss for monitoring my devices and would like to trigger an event if the message includes a substring. To achieve that I have to send an email alert with the sender address firstname.lastname@example.org. I also tried to get the surce field in the alter body and sending it to an HTTP API but unfortunately also without any luck.
If some one could point me into the right direction how to add the message.source field to a HTTP alarm callback that would be great. Any hint is appreciated.
Thanks in advance and greetings from Berlin, Germany.
BTW: Graylog rules!