You have to setup number of backlog to 1: in Alerts - Event Definitions - tab Notifications and field Message Backlog, tick the checkbox and set 1.
Message backlog define number of messages to be included in Notifications.
Source in default template for notification use {event.source}, which is source of event, not a source device.
If you want device source included in notification message use:
${foreach backlog message}${message.source}${end}
If you want to use user field (for example: src_ip) use {$message.fields.src_ip}:
${foreach backlog message}${message.fields.src_ip}${end}
For example I use this message text after somebody connect to switch:
{foreach backlog message} Source device: {message.source} Username: {message.fields.username} IP: {message.fields.src_ip} ${end}
You can also use same technique in message subject, for example I use this:
User ${foreach backlog message}${message.fields.username}${end} connected to switch ${foreach backlog message}${message.source}${end} from IP ${foreach backlog message}${message.fields.src_ip}${end}
Hope it helps.