How to access document data (e.g. error message) in alert message using "Per document monitor" with "Extraction Query" (OpenSearch Alerting)

FaisalDevOps · November 12, 2024, 7:29pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Hi I have configure OpenSearch Alert and giving query which will extract
“logEvents.message”: containing error message .The query running fine and giving logs which containing error logs. i want that Alert trigger that complete error log in the Email body i have used many syntax but it didnt work.

e.g : {
“subject”: “Alert: Error Detected in Logs”,
“body”: “Here are the log details:\n\nTotal Hits: {{ctx.results[0].hits.total.value}}\n\n{{#ctx.results[0].hits.hits}}\n- Message: {{_source.logEvents.message}}\n- Timestamp: {{_source.@timestamp}}\n{{/ctx.results[0].hits.hits}}”
}

Configuration:

Relevant Logs or Screenshots:

ssablan · November 20, 2024, 5:34pm

The document is located in ctx - alerts - sample documents array:

system · January 19, 2025, 5:35pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to access Documents Fields (Per Document Monitor Alerts) Alerting	2	150	November 5, 2024
Show match info in the alerts Alerting configure , alerting	2	63	November 8, 2024
Per Document monitor alert that includes Document findings OpenSearch alerting	2	104	August 15, 2024
How do i include message fields in the Alert Action Message for Per document monitor Alerting	6	2003	September 3, 2023
Opensearch alerting -text message in action OpenSearch alerting	2	558	October 26, 2023

How to access document data (e.g. error message) in alert message using "Per document monitor" with "Extraction Query" (OpenSearch Alerting)

Related topics