Unable to view stream/message detail in email notification received

sanket.pathre · November 18, 2019, 6:59am

Hi There,

I have created one email notification on specific message in my stream
but email I received dont hold required data.

I follow below link form Gray log documentation

http://docs.graylog.org/en/3.1/pages/streams/alerts.html

" Email alert notification" is what I used.

But in Email that I received I dont find stream Id/title/URL

Below is email template I created and attached to Alert.

"
— [Event Definition] ---------------------------
Title: ${event_definition_title}

Description: ${event_definition_description}

Type: ${event_definition_type}

stream_url: {stream_url} stream:{stream} – Empty data

stream Id : ${stream.id} – Empty data

stream Title: ${stream.title} – Empty data

stream Description: ${stream.description} – Empty data

—check Result----

check_result :${check_result} – Empty data

check_result Trigger Condition: ${check_result.triggeredCondition} – Empty data

–backlog —

backlog: ${backlog.length} – Empty data : 0

Test Streams: ${streams} – Empty data

Streams Length : ${streams.length} – Empty data

–

— [Event] --------------------------------------
Timestamp: {event.timestamp} Message: {event.message}
Source: {event.source} Key: {event.key}
Priority: {event.priority} Alert: {event.alert}
Timestamp Processing: {event.timestamp} Timerange Start: {event.timerange_start}
Timerange End: {event.timerange_end} Fields: {foreach event.fields field} {field.key}: {field.value}
{end} {if backlog}
— [Backlog] ------------------------------------
Last messages accounting for this alert:
{foreach backlog message} {message}
{end} {end}

"

Below is filter and Aggregation:
SearchQuery : message:“This is test message”
Streams: “MyStreamName”
Search Winthin the last : 10 Minutes (able to view result in Filter Preview)
Execute search eevery : 1 minutes
Filter has results: checked

shoothub · November 20, 2019, 1:59pm

Graylog by default doesn’t setup backlog parameter. So check your Alerts - Events Definitions - Edit - on tab Notifications tick checkbox and edit to 1. It is a number of messages to be included in Notifications. If not configured, message details is empty, because backlog is object is also empty.

If you want your custom fields included in message, use iteration of object backlog. Custom field should use syntax message.fields.own_field and so on.

${if backlog}
${foreach backlog message}
User ${message.fields.username} connected from IP ${message.fields.src_ip} to device ${message.source}
${end}
${end}

system · December 4, 2019, 2:02pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Including message contect into alert notification email Graylog Central (peer support)	2	799	July 24, 2017
Including message content into alert notification email Graylog Central (peer support)	3	7685	September 22, 2017
URL to Graylog message in Email notification Graylog Central (peer support)	5	998	January 25, 2021
Stream URL missing in Email Notifications Graylog Central (peer support)	1	452	February 28, 2020
Email Notification - full_message Graylog Central (peer support)	4	7126	September 8, 2017

Unable to view stream/message detail in email notification received

Related Topics