Why is the content of Graylog notification alerts so poor?

Hello,

I’ve configured a few notification alerts to my email. However, the contents of such alerts are too poor for me to have visibility into what actually happened:

How to enrich the data in this situation?

Thank you.

In the body template of the e-mail notification you can include fields and text that are relevant to the alert, and you can make it look nicer in the HTML Body Template. Here are examples of the two:

Body Template:

${if stream_url}Stream URL: ${stream_url}${end}
--- [Key Information] ----------------------------

${foreach backlog message}${if message.fields.KeyData}${message.fields.KeyData}${else}${message.message}${end}

--- [Fields] --------------------------------------
${foreach message.fields field}  ${field.key}:----->${field.value}
${end}
${end}
${if backlog}
--- [Backlog] ------------------------------------${foreach backlog each_message}
-------------[message] ---------------------------

${if each_message.fields.KeyData}${each_message.fields.KeyData}${else}${each_message.message}${end}

${end}
${end}

HTML Body Template:

<style>
  table {
    border-collapse: collapse;
  }

  table td,
  table th {
    border: 1px solid #000;
  }

  table tr:first-child th {
    border-top: 0;
  }

  table tr:last-child td {
    border-bottom: 0;
  }

  table tr td:first-child,
  table tr th:first-child {
    border-left: 0;
  }

  table tr td:last-child,
  table tr th:last-child {
    border-right: 0;
  }

</style>
<table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1">
   <tbody>
    <!-- Event Digest Title Bar  -->
    <tr>
        <th colspan="4" style="background-color:#e6e6e6;line-height:1.5">
			${foreach backlog message}
				${message.source} - Event Digest <br> 
				${if message.fields.event_code}
					[event_id: ${message.fields.event_code}]<br>
				${end}
			${end}
        </th>
    </tr>
      <!-- First section quick info/digest on alert  -->
    <tr>
		${foreach backlog message}
			<td>Event:</td>
			${if message.fields.KeyInfo}
				<td>${message.fields.KeyInfo}</td>
			${else} 
				${if message.fields.the_digest}
					<td>${message.fields.the_digest}</td>
				${else}
					<td>NO_DIGEST</td>
				${end}
			${end}
		${end}
    </tr>
   </tbody>
</table>
<br>
<table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1">
<tbody>
	<!-- Event Detail - Title Bar  -->
    <tr>
        <th colspan="3" style="background-color:#e6e6e6;line-height:1.5">Event Detail</th>
    </tr>
    <!-- Block for Event Detail messages -->
 			${foreach backlog message}
				<tr>
				${if message.fields.event_detail}
					<td>Event Detail:</td>
					<td><pre>${message.fields.event_detail}</pre></td>
				${else}
					${if message.fields.KeyData}
						<td><pre>${message.fields.KeyData}</pre></td>
					${else}
						<td><pre>${message.message}</pre></td>
					${end}
				${end}
				</tr>
			</tbody>
		</table>
		<table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1">
			<tbody>
				<tr>
					<th colspan="3" style="background-color:#e6e6e6;line-height:1.5"></th>
				</tr>
      <!-- Block for Cause/Action Messages -->
				${if message.fields.event_cause}
					<tr>
						<td>CAUSE:</td> 
						<td><pre>${message.fields.event_cause}</pre></td>
					</tr>
				${end}
				${if message.fields.event_action}
					<tr>
						<td>ACTION:</td>
						<td><pre>${message.fields.event_action}</pre></td>
					</tr>
				${end}
			${end}
			</tbody>
</table>
<br>
<table width="100%" border="0" cellpadding="10" cellspacing="0" style="background-color:#f9f9f9;border:none;line-height:1">
   <tbody>
    <tr>
		<th colspan="4" style="background-color:#e6e6e6;line-height:1.5">Backlog (Last messages accounting for this alert)</th>
    </tr>
      <!-- Use this section to show fields you are interested in IF they exist -->

	${if backlog}
		${foreach backlog message}
			${if message.fields.winlog_event_data_TargetUserName}
				<tr>
					<td>Target-User:</td>
					<td>${message.fields.winlog_event_data_TargetUserName}</td>
				</tr>
			${end}
			${if message.fields.winlog_event_data_SubjectUserName}
				<tr>
					<td>Subject-User:</td>
					<td>${message.fields.winlog_event_data_SubjectUserName}</td>
				</tr>
			${end}
			 ${if message.fields.EventReceivedTime}
				<tr>
					<td>Event Time:</td>
					<td>${message.fields.EventReceivedTime}</td>
				</tr>
			${end}
		${end}
	${end}
   </tbody>
</table>

<table width="100%" border="0" cellpadding="10" cellspacing="0" align="left" style="background-color:#f9f9f9;border:none;line-height:1.5">
   <tbody>
       <!-- give a link to the actual message  -->
		${foreach backlog message}
			<tr>
				<th colspan="2" style="background-color:#e6e6e6;line-height:1.5">
					http://graylog:9000/messages/${message.index}/${message.id}
				</th>
			</tr>
				<tr>
					<td><b><u>Field</u></b></td>
					<td><b><u>Data</u></b></td>
				</tr>
				<tr>
					<td>Message:</td>
					<td>${message.message}</td>
				</tr>
				${foreach message.fields this_field}
					<tr>
						<td>${this_field.key}</td>
						<td>${this_field.value}</td>
					</tr>
				${end}
			${end}
   </tbody>
</table>

 
2 Likes
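An added example, not part of the original post and not Graylog code: a small Python linter for templates in the syntax used above. It reports unbalanced `${if}`/`${foreach}`/`${end}` blocks and field guards whose block never references the guarded field. The sample template is constructed, and only the constructs that appear in the templates above are handled (an assumption).

```python
import re

# Tokens look like ${...}; only the constructs used in the templates above
# (if / else / end / foreach / plain output) are handled. This is an assumption,
# not a full implementation of the template language.
TOKEN = re.compile(r"\$\{\s*([^}]*?)\s*\}")

def lint_template(text):
    """Return sorted (line, problem) tuples for a notification template."""
    problems, stack = [], []
    for m in TOKEN.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        parts = m.group(1).split()
        word = parts[0] if parts else ""
        if word in ("if", "foreach"):
            guard = parts[1] if word == "if" and len(parts) > 1 else ""
            stack.append({"kind": word, "line": line, "guard": guard,
                          "body_start": m.end(), "body_end": None})
        elif word == "else":
            if stack and stack[-1]["kind"] == "if":
                stack[-1]["body_end"] = m.start()  # the "then" branch stops here
            else:
                problems.append((line, "${else} outside an ${if} block"))
        elif word == "end":
            if not stack:
                problems.append((line, "${end} with no open block"))
                continue
            block = stack.pop()
            then_branch = text[block["body_start"]:block["body_end"] or m.start()]
            guard = block["guard"]
            # A field guard whose branch never mentions that field usually
            # means the guard and the output use different field names.
            if ".fields." in guard and not guard.startswith("!") and guard not in then_branch:
                problems.append((block["line"], f"guard {guard} is never used in its block"))
    for block in stack:
        problems.append((block["line"], f"${{{block['kind']}}} is never closed"))
    return sorted(problems)

# Constructed sample: the guard on line 2 checks one field name but prints
# another, and the ${foreach} opened on line 1 has no matching ${end}.
SAMPLE = """\
${foreach backlog message}
${if message.fields.EventReceivedTime}Event Time: ${message.fields.event_received_time}${end}
${if message.fields.KeyData}${message.fields.KeyData}${else}${message.message}
${end}
"""

if __name__ == "__main__":
    for line, problem in lint_template(SAMPLE):
        print(f"line {line}: {problem}")
```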

Your input is highly appreciated! I’ve been looking into it.

If this works out as you wish, mark it as the solution for future searchers! :slight_smile:
