How do i include message fields in the Alert Action Message

AndreyB · February 22, 2022, 2:16pm

Have you added the needed fields to stored_fields in a query editor?

"docvalue_fields": [
        {
            "field": "@timestamp",
            "format": "date_time"
        },
                {
            "field": "container.name",
            "format": "string"
        },
        {
            "field": "host",
            "format": "string"
        },
        {
            "field": "m.alert.severity",
            "format": "string"
        },
        {
            "field": "m.alert.name",
            "format": "string"
        },
        {
            "field": "m.stackTrace",
            "format": "string"
        }

And then you should define those field in the Action:

 Monitor {{ctx.monitor.name}} just entered ALERT status. Please investigate the issue.
- Alert time: {{ctx.periodStart}}

{{#ctx.results.0.hits.hits}}
> {{_source.container.name}} - {{_source.host}} - {{_source.m.alert.severity}}
> {{_source.m.alert.name}}
> {{_source.m.stackTrace}}
{{/ctx.results.0.hits.hits}}

Topic		Replies	Views
How to include message fields in the Alert Action Message for Per query monitor Alerting discuss	6	316	April 9, 2024
Issue -Sending Specific Fields To Slack when Alert Triggered OpenSearch	8	176	February 18, 2024
How do i include message fields in the Alert Action Message for Per document monitor Alerting	6	1318	September 3, 2023
How to put documents field values to alerting message? Alerting	1	441	February 7, 2023
Include document fields in the message Open Source Elasticsearch and Kibana	1	614	November 6, 2020

How do i include message fields in the Alert Action Message

Related Topics