Slack alert with Graylog

Hello very good dear friends, I need your help…

I have a stream in Graylog that tells me the connections that start.

These are configured to be alerted to SLACK, which works correctly when a user starts.

In the application it alerts well. But it doesn’t show the custom fields…
from:
fw_src_ip
fw_status
fw_username
I need these fields to be included in the Slack alert, but I haven’t been able to solve it… What do I need to add here so that these variables appear in the Slack alert?

Hello && Welcome @onecrazyshot

Can you show how this is configured?

HI GSMITH!!

${if backlog}Detalles:
${foreach backlog message}${message.fields.fw_username}${end}
${foreach backlog message}${message.fields.fW_log_component}${end}
${foreach backlog message}${message.fields.fw_src_ip}
${end}${else}
${end}
TIPO: ${stream.description}

SLACK: INFO :

[image]

Original log:

Please help me… :frowning:

Hello @onecrazyshot

Try something like this.

------[Event Logs]-------------------------------
Fields:
${foreach event.fields field}  ${field.key}: ${field.value}
${end}
${if backlog}

Last messages accounting for this alert:
${foreach backlog message}
Username:        ${message.fields.fw_username}
Log_component:   ${message.fields.fW_log_component}
Source IP:       ${message.fields.fw_src_ip}
${end}
${end}

Hope that helps
