Notifications don't contain data

versions:
I use Graylog 4.3 because I can't use MongoDB 5, because the CPU doesn't support AVX.

issue:
Notifications don’t contain data.

For example this syslog event:

Sends this notification (there is only one message during this time):
[here should be image, but as new user I can’t upload, so I paste raw text]

Event Definition
Title	Errors
Description	
Type	aggregation-v1

Event
Timestamp	2023-11-12T11:35:06.296Z
Message	Errors
Source	server
Key	
Priority	3
Alert	true
Timestamp Processing	2023-11-12T11:35:06.296Z
Timerange Start	
Timerange End	
Source Streams	000000000000000000000001
Fields

which is not helpful at all. I don’t even have source “server”.

I use the default template for notifications. Below is the Email Body:

--- [Event Definition] ---------------------------
Title:       ${event_definition_title}
Description: ${event_definition_description}
Type:        ${event_definition_type}
--- [Event] --------------------------------------
Timestamp:            ${event.timestamp}
Message:              ${event.message}
Source:               ${event.source}
Key:                  ${event.key}
Priority:             ${event.priority}
Alert:                ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start:      ${event.timerange_start}
Timerange End:        ${event.timerange_end}
Fields:
${foreach event.fields field}  ${field.key}: ${field.value}
${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
${message}
${end}
${end}

Why? How to fix? Any way to add link to graylog to event?

Hi @kwladyka

Struggled with that too, our definition looks like this at the end:

${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
https://<graylog server (ip)addres>:9000/messages/${message.index}/${message.id}
${message}
${end}
${end}

and the HTML body template looks like this at the end:

${if backlog}
<br /><table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1.2"><tbody>
<tr><th style="background-color:#e6e6e6;line-height:1.5">Backlog (Last messages accounting for this alert)</th></tr>
${foreach backlog message}
<tr><td>${message}</td></tr>
<tr><td>http://<graylog server (ip)addres>:9000/messages/${message.index}/${message.id}</td></tr>
${end}
</tbody></table>
${end}

Good luck :slight_smile:

Kind greetings,
Arie


I have tried it, but I still don't see any fields or message.

Hi @kwladyka

In the event definition, in the Notifications section, is Message backlog checked?


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
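
A way to find event definitions that will produce the kind of empty notification discussed in this thread, as an added example (not from the thread or from the Graylog project). It assumes an event-definition export in JSON in which `notification_settings.backlog_size` holds the Message backlog setting asked about in the last reply and `field_spec` holds the definition's custom fields, and that `event.fields` is filled only from those custom fields; the sample definitions are constructed.

```python
import json

# Constructed sample: two event definitions in the shape assumed for a
# Graylog event-definition export (field names are assumptions, see lead-in).
SAMPLE_DEFINITIONS = json.loads("""
[
  {"title": "Errors",
   "config": {"type": "aggregation-v1"},
   "field_spec": {},
   "notification_settings": {"grace_period_ms": 0, "backlog_size": 0},
   "notifications": [{"notification_id": "example-email"}]},
  {"title": "Failed logins",
   "config": {"type": "aggregation-v1"},
   "field_spec": {"user": {"data_type": "string"}},
   "notification_settings": {"grace_period_ms": 60000, "backlog_size": 5},
   "notifications": [{"notification_id": "example-email"}]}
]
""")


def audit_definition(definition):
    """Return the reasons a notification for this definition arrives without data."""
    findings = []
    if not definition.get("notifications"):
        return findings  # nothing is sent, so nothing can arrive empty
    settings = definition.get("notification_settings") or {}
    if int(settings.get("backlog_size") or 0) <= 0:
        findings.append("backlog disabled: ${if backlog} block is skipped")
    if not definition.get("field_spec"):
        findings.append("no custom fields: ${foreach event.fields field} prints nothing")
    return findings


def audit(definitions):
    """Map each definition title to its findings, keeping only those with findings."""
    report = {}
    for definition in definitions:
        findings = audit_definition(definition)
        if findings:
            report[definition.get("title", "<untitled>")] = findings
    return report


if __name__ == "__main__":
    for title, findings in audit(SAMPLE_DEFINITIONS).items():
        for finding in findings:
            print(f"{title}: {finding}")
```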