Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I try to use the parameter “event” & “backlog” with http_notifications.
And “event” is return what I want.
But when I used “backlog”, I cant receive the notifications.
I want to know if I miss any configuration.
can someone help me? Thx!

environment: graylog5.2.3
Here is the template of my notification.

告警信息

告警描述：{{.event_definition_description}}

告警触发时间：{{GetCSTtime .event.timestamp}}

登录源IP：{{.event.fields.loginfrom}}

登录账号：{{.event.fields.username}}

告警设备：{{.event.fields.source}}

告警信息

告警描述：{{.event_definition_description}}

告警触发时间：{{GetCSTtime .backlog.timestamp}}

登录源IP：{{.backlog.fields.loginfrom}}

登录账号：{{.backlog.fields.username}}

告警设备：{{.backlog.fields.source}}

Can you clarify what this means?

But when I used “backlog”, I cant receive the notifications.

Are you getting an error? Is there an error in the server.log?

Thanks.

Hi,

in my cases where i need to extract the fields from backlog, the fields returned only values when i enclose it in breakets ( .backlog.[“fields”][“timestamp”] )

additional make sure, the triggered alert sends at least 1 backlog-message:

best regards,
Coffee_is_life

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.