Use extracted field as email alert recipient

kkplein · October 3, 2019, 10:32am

Hi!

We love graylog, thank you for making it available!!

Have setup an extractor to extract “ad_username” from authentication failures. Now we want to setup an alert for more than X authentication failures in a row, to alert the end user. So, as an alert recipeint, we are trying to use the extracted username, like: ad_username@company.com

However, the “ad_username” is kept, rather then being replaced by the actual username, so the email is sent to ad_username@company.com which of course does not work.

We tried: ${ad_username}@company.com, $${$ad_username}@company.com, {$ad_username}@company.com, etc, all with similar result.

Is what we are trying to do possible? FYI: graylog 2.4 (yes, we need to upgrade)

jan · October 4, 2019, 8:25am

he @kkplein

such a request is not possible. It would be a feature request over at github. But that will be never get a backport to that version you are using.

kkplein · October 4, 2019, 8:39am

Hi Jan,

Aha, not possible now, good to know I’m not missing something. I will submit a feature request, and of course I understand that it would not be ported to our old version. We have to upgrade anyway, and that is fine. Just haven’t done it yet.

Thanks for the reply!

jan · October 4, 2019, 9:17am

system · October 18, 2019, 9:17am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 3.1 using extractor in email subject Graylog Central (peer support)	5	456	November 1, 2019
Extracting Message Parameters to Alert Emails Graylog Central (peer support)	6	1276	May 22, 2021
Best practice - unwanted field extraction Graylog Central (peer support)	7	1594	January 19, 2022
Sshd field username Graylog Central (peer support)	3	2275	June 26, 2017
Extracting string from a mesage Graylog Central (peer support)	2	912	February 15, 2022

Use extracted field as email alert recipient

Related topics