Show host ID via API GET request (alerts)

Hi there.

While it is possible to identify the host the alert got triggered by via the HTTP callback and the mail alert, it seems there is no way to identify the host via a GET request against the API.

Am I just blind, or is this actually the case?

To give some examples and clarify my question:

Email output

Date: 2019-07-23T15:04:29.271Z
Stream title: MySQL dumps
Stream URL: https://SERVER:9000/streams/5d36b9948b72d90fd1e609c4/messages?rangetype=absolute&from=2019-07-23T14:59:29.271Z&to=2019-07-23T15:04:29.271Z&q=*
Last messages accounting for this alert:

Source: HOST !!!!
Message: mysqldump: Got error: 1652
Timestamp: 2019-07-23T15:04:01.089Z

Via HTTP Callback

{
------------------------------------
    "triggered_at": "2019-07-23T15:04:29.271Z",
    "triggered": true,
    "matching_messages": [
      {
        "index": "graylog_67",
        "message": "mysqldump: Got error: 1652",
        "timestamp": "2019-07-23T15:04:01.089Z",
        "source": "HOST", !!!!
        "stream_ids": [
          "5d36b9948b72d90fd1e609c4",
          "000000000000000000000001"
        ],
------------------------------------

Is that field present in the data? How did you reference that in the mail?

It is.

Date: ${check_result.triggeredAt}
Stream title: ${stream.title}
${if stream_url}Stream URL: ${stream_url}${end}

${if backlog}Last messages accounting for this alert:
${foreach backlog message}
Source: ${message.source}
Message: ${message.message}
Timestamp: ${message.timestamp}
${end}${else}<No backlog>
${end}

Is the “HOST !!!” inserted by you, or is it what you see in the message?

Yup, I just marked it that way to emphasize that one can identify the host via the mail + HTTP callback alert.

You would actually need to make the same query as the alert uses against the API to get the exact messages returned. A command like “give me the messages that trigger the alert” is not (yet) provided.

But feel free to create a feature request over at GitHub for this.

https://github.com/Graylog2/graylog2-server/issues?
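
An added example, not part of the original thread and not Graylog's own code, of the approach suggested in the reply above: take the "Stream URL" from the alert mail, rebuild it as an API search over the same stream and time range, and read `source` from the result. The `/api/search/universal/absolute` path, the `filter=streams:<id>` parameter and the response shape are assumptions based on the Graylog 2.x/3.x REST API; the sample response is constructed.

```python
import json
from urllib.parse import urlsplit, parse_qs, urlencode

# Assumption: the universal absolute search resource of the Graylog 2.x/3.x
# REST API; confirm the exact path in the API browser of your own server.
SEARCH_PATH = "/api/search/universal/absolute"


def search_url_from_stream_url(stream_url):
    """Turn the alert's 'Stream URL' into the equivalent API search URL."""
    parts = urlsplit(stream_url)
    segments = [s for s in parts.path.split("/") if s]
    # Expected path layout: /streams/<stream_id>/messages
    if len(segments) < 2 or segments[0] != "streams":
        raise ValueError("not a stream URL: %r" % stream_url)
    stream_id = segments[1]
    if len(stream_id) != 24 or any(c not in "0123456789abcdef" for c in stream_id):
        raise ValueError("unexpected stream id: %r" % stream_id)
    qs = parse_qs(parts.query)
    if qs.get("rangetype") != ["absolute"] or "from" not in qs or "to" not in qs:
        raise ValueError("only absolute time ranges are handled here")
    params = {
        "query": qs.get("q", ["*"])[0],
        "from": qs["from"][0],
        "to": qs["to"][0],
        "filter": "streams:" + stream_id,  # restrict to the alerting stream
    }
    return "%s://%s%s?%s" % (parts.scheme, parts.netloc, SEARCH_PATH, urlencode(params))


def sources(search_response):
    """Return the distinct 'source' values of the messages in a search result."""
    found = []
    for hit in search_response.get("messages", []):
        src = hit.get("message", {}).get("source")
        if src is not None and src not in found:
            found.append(src)
    return found


# Constructed sample response, reusing the values from the callback payload above.
SAMPLE = json.loads("""{"messages": [{"index": "graylog_67", "message": {
  "message": "mysqldump: Got error: 1652", "source": "HOST",
  "timestamp": "2019-07-23T15:04:01.089Z"}}]}""")

STREAM_URL = ("https://SERVER:9000/streams/5d36b9948b72d90fd1e609c4/messages"
              "?rangetype=absolute&from=2019-07-23T14:59:29.271Z"
              "&to=2019-07-23T15:04:29.271Z&q=*")
```

Send the resulting URL as an authenticated GET with `Accept: application/json` and pass the decoded body to `sources`.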

In the documentation it says that the GUI is actually only using the API itself. So my question really is: Where do the email and HTTP alerts get the information, and why does the API itself not have this? I searched through the API browser top to bottom and could not find anything remotely close to what the other two give me.

Can you elaborate on that, please?

It does not have that available.

Well, I understood that. But where do the other two alert functions get that information from?
