How do i include message fields in the Alert Action Message

AndreyB · February 22, 2022, 2:16pm

Have you added the needed fields to stored_fields in a query editor?

"docvalue_fields": [
        {
            "field": "@timestamp",
            "format": "date_time"
        },
                {
            "field": "container.name",
            "format": "string"
        },
        {
            "field": "host",
            "format": "string"
        },
        {
            "field": "m.alert.severity",
            "format": "string"
        },
        {
            "field": "m.alert.name",
            "format": "string"
        },
        {
            "field": "m.stackTrace",
            "format": "string"
        }

And then you should define those field in the Action:

 Monitor {{ctx.monitor.name}} just entered ALERT status. Please investigate the issue.
- Alert time: {{ctx.periodStart}}

{{#ctx.results.0.hits.hits}}
> {{_source.container.name}} - {{_source.host}} - {{_source.m.alert.severity}}
> {{_source.m.alert.name}}
> {{_source.m.stackTrace}}
{{/ctx.results.0.hits.hits}}

Topic		Replies	Views
Getting Log Information in the Notification of an alert Open Source Elasticsearch and Kibana troubleshoot , feature-request	2	308	May 20, 2024
How to include message fields in the Alert Action Message for Per query monitor Alerting discuss	6	1346	April 9, 2024
Issue -Sending Specific Fields To Slack when Alert Triggered OpenSearch	8	451	February 18, 2024
How can I save entire message fields in the Alert Action Setting- OpenSearch Alerting troubleshoot	1	107	June 28, 2024
How do i include message fields in the Alert Action Message for Per document monitor Alerting	6	2051	September 3, 2023

How do i include message fields in the Alert Action Message

Related topics