New line in mustache template for destination

hey,

Can anyone help me out on how to give a newline delimiter using a mustache template in the destination block?

Eg:

Condition configuration:
Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.

  • Trigger: {{ctx.trigger.name}}
  • Severity: {{ctx.trigger.severity}}
  • Period start: {{ctx.periodStart}}
  • Period end: {{ctx.periodEnd}}

Unhealthy Nodes:
{{#ctx.results.0.aggregations.hosts.buckets}}Hostname → {{key}} containers → {{#dockers.buckets}}{{key}}, {{/dockers.buckets}}{{/ctx.results.0.aggregations.hosts.buckets}}

Current output:

Monitor Health check alerts - non kube just entered alert status. Please investigate the issue.

  • Trigger: TEST TRIGGER
  • Severity: 1
  • Period start: 2019-04-18T12:35:53Z
  • Period end: 2019-04-18T12:36:53Z

Unhealthy Nodes:
Hostname → hostname1 containers → container name1, Hostname → hostname2 containers → container name2,

Desired output:

Monitor Health check alerts - non kube just entered alert status. Please investigate the issue.

  • Trigger: TEST TRIGGER
  • Severity: 1
  • Period start: 2019-04-18T12:35:53Z
  • Period end: 2019-04-18T12:36:53Z

Unhealthy Nodes:
Hostname → hostname1 containers → container name1,
Hostname → hostname2 containers → container name2,

Thanks,
Nishant

Hi Nishant,

Can you try formatting this part from:

to

{{#ctx.results.0.aggregations.hosts.buckets}}
Hostname -> {{key}} containers -> {{#dockers.buckets}}{{key}}, {{/dockers.buckets}}{{/ctx.results.0.aggregations.hosts.buckets}}

Hello.
This is an HTML document, so you can use <.br> (without the dot) to split lines.
In your case
{{#ctx.results.0.aggregations.hosts.buckets}}Hostname → {{key}} containers → {{#dockers.buckets}}{{key}}, {{/dockers.buckets}}<.br>{{/ctx.results.0.aggregations.hosts.buckets}}
Remove dot before br.


@Serge @dbbaughe
I can create the message output using the following:

triggered Alert for Host: {{_source.host.name}} with Severity: {{ctx.trigger.severity}} for log level *{{_source.log.level}} event_id: {{_source.winlog.event_id}}

But how can I aggregate the alert message output by host and the number/total count of event_id?

Desired Output:

  • Trigger: Test Trigger if Event_id count >= 9
  • Severity: 1
  • Period start: 2019-09-3T12:35:53Z
  • Period end: 2019-09-3T12:36:53Z

Unhealthy Nodes:
Hostname: computer01, Event_id: 8194, Event_Count: 20
Hostname: computer02, Event_id: 8194 , Event_Count: 10

I have the following Query response

{
  "_shards": {
    "total": 25,
    "failed": 0,
    "successful": 25,
    "skipped": 0
  },
  "hits": {
    "hits": [
      {
        "_index": "winlogbeat-7.1.1-2019.09.03",
        "_type": "_doc",
        "_source": {
          "agent": {
            "hostname": "computer01",
            "id": "c2be2732-0605-44c4-8f6e-759f4bf29eef",
            "type": "winlogbeat",
            "ephemeral_id": "26f85118-668f-4fdd-9bfa-90613af50842",
            "version": "7.1.1"
          },
          "@timestamp": "2019-09-03T11:03:45.558Z",
          "winlog": {
            "record_id": 427038,
            "computer_name": "computer01.corp.test.com",
            "event_id": 8194,
            "task": "",
            "keywords": [
              "Classic"
            ],
            "channel": "Application",
            "api": "wineventlog",
            "event_data": {
              "Binary": "2D20436F64653A20575254575254494330303030313238372D2043616C6C3230",
              "param1": "0x80070005, Access is denied.",
              "param2": "\n\nOperation:\n Gathering Writer Data\n\nContext:\n Writer Class Id: {e8132975}\n Writer Name: System Writer\n Writer Instance ID: {c9162cad-961f}"
            },
            "opcode": "Info",
            "provider_name": "VSS"
          },
          "ecs": {
            "version": "1.0.0"
          },
          "log": {
            "level": "error"
          },
          "host": {
            "hostname": "computer01",
            "os": {
              "build": "17134.885",
              "kernel": "10.0.17134.885 (WinBuild.160101.0800)",
              "name": "Windows 10 Enterprise",
              "family": "windows",
              "version": "10.0",
              "platform": "windows"
            },
            "name": "computer01",
            "id": "81ad8be0-e195-4449-a1ff-94aac008d060",
            "architecture": "x86_64"
          },
          "event": {
            "code": 8194,
            "created": "2019-09-03T11:03:45.616Z",
            "kind": "event"
          },
          "message": "Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback }"
        },
        "_id": "L-rL9mwBaGHd-dxVe1hT",
        "sort": [
          1567508625558
        ],
        "_score": null
      },

Currently following is the output
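To make the behaviour discussed in this thread reproducible offline, here is an added example (written for this edit, not code from the thread or from the alerting plugin): a small Python renderer for the Mustache subset these templates use, run over a constructed ctx. It shows the run-together output of the one-line template from the first question, the one-host-per-line output once a newline sits inside the outer section (the fix suggested in the replies), and, as a generalization for the later question about per-host event counts, the same section iteration over an assumed terms aggregation whose buckets carry Elasticsearch's doc_count. That last part assumes the monitor query is changed to a terms aggregation on host.name with a sub-aggregation on winlog.event_id; the bucket names hosts and event_ids are made up here. The plugin's own escaping rules are not reproduced; the {{ }} versus {{{ }}} handling below follows the Mustache spec.

```python
"""Added example (not from the thread): a tiny Mustache-subset renderer used to
show why the one-line template runs all hosts together and how a newline placed
inside the outer section fixes it. All data below is constructed."""
import html
import re
from typing import Any, List

# Supports {{name}}, {{{name}}}, {{#name}} ... {{/name}}; names may be dotted
# paths with numeric indices such as ctx.results.0.aggregations.hosts.buckets
TAG = re.compile(r"\{\{([{#/])?\s*([^}]+?)\s*\}?\}\}")


def lookup(stack: List[Any], path: str) -> Any:
    """Resolve a dotted path against the context stack, innermost scope first."""
    for scope in reversed(stack):
        cur, found = scope, True
        for part in path.split("."):
            if isinstance(cur, dict) and part in cur:
                cur = cur[part]
            elif isinstance(cur, list) and part.isdigit() and int(part) < len(cur):
                cur = cur[int(part)]
            else:
                found = False
                break
        if found:
            return cur
    return None


def _find_close(template: str, name: str, start: int):
    """Locate the {{/name}} that closes an open section, honouring nesting."""
    depth = 1
    for m in TAG.finditer(template, start):
        if m.group(2) == name and m.group(1) == "#":
            depth += 1
        elif m.group(2) == name and m.group(1) == "/":
            depth -= 1
            if depth == 0:
                return m
    raise ValueError("unclosed section " + name)


def _render(template: str, stack: List[Any]) -> str:
    out, pos = [], 0
    while True:
        m = TAG.search(template, pos)
        if m is None:
            out.append(template[pos:])
            return "".join(out)
        out.append(template[pos:m.start()])
        kind, name = m.group(1), m.group(2)
        if kind == "#":
            close = _find_close(template, name, m.end())
            body = template[m.end():close.start()]   # everything up to {{/name}}
            value = lookup(stack, name)
            if isinstance(value, list):              # repeat the body once per item
                out.extend(_render(body, stack + [item]) for item in value)
            elif isinstance(value, dict):            # push the object as a new scope
                out.append(_render(body, stack + [value]))
            elif value:                              # plain truthy value: render once
                out.append(_render(body, stack))
            pos = close.end()
        elif kind == "/":
            raise ValueError("unexpected close tag " + name)
        else:
            value = lookup(stack, name)
            text = "" if value is None else str(value)
            # {{name}} HTML-escapes (Mustache default); {{{name}}} emits raw text.
            # This matters because the destination renders the message as HTML.
            out.append(text if kind == "{" else html.escape(text))
            pos = m.end()


def render(template: str, ctx: Any) -> str:
    """Render a template against a root context such as the alerting ctx dict."""
    return _render(template, [ctx])


# Constructed stand-in for the ctx of the first question: two host buckets,
# each with a nested terms aggregation of container names.
NODES_CTX = {"ctx": {"results": [{"aggregations": {"hosts": {"buckets": [
    {"key": "hostname1", "dockers": {"buckets": [{"key": "container name1"}]}},
    {"key": "hostname2", "dockers": {"buckets": [{"key": "container name2"}]}},
]}}}]}}

OUTER = "ctx.results.0.aggregations.hosts.buckets"
HOST_LINE = "Hostname -> {{key}} containers -> {{#dockers.buckets}}{{key}}, {{/dockers.buckets}}"
ONE_LINE_TEMPLATE = "{{#" + OUTER + "}}" + HOST_LINE + "{{/" + OUTER + "}}"
# The fix from the thread: a newline placed before {{/...}} is part of the
# section body, so it is emitted once per host bucket.
PER_LINE_TEMPLATE = "{{#" + OUTER + "}}" + HOST_LINE + "\n{{/" + OUTER + "}}"


def nodes_one_line() -> str:
    return render(ONE_LINE_TEMPLATE, NODES_CTX)


def nodes_per_line() -> str:
    return render(PER_LINE_TEMPLATE, NODES_CTX)


# Assumption for the follow-up question: the monitor query uses a terms
# aggregation on host.name with a sub-aggregation on winlog.event_id, so each
# bucket carries Elasticsearch's doc_count. Bucket names are made up.
COUNTS_CTX = {"ctx": {"results": [{"aggregations": {"hosts": {"buckets": [
    {"key": "computer01", "doc_count": 20,
     "event_ids": {"buckets": [{"key": 8194, "doc_count": 20}]}},
    {"key": "computer02", "doc_count": 10,
     "event_ids": {"buckets": [{"key": 8194, "doc_count": 10}]}},
]}}}]}}
COUNTS_TEMPLATE = ("{{#" + OUTER + "}}Hostname: {{key}}, {{#event_ids.buckets}}"
                   "Event_id: {{key}}, Event_Count: {{doc_count}}{{/event_ids.buckets}}\n"
                   "{{/" + OUTER + "}}")


def event_counts() -> str:
    return render(COUNTS_TEMPLATE, COUNTS_CTX)


if __name__ == "__main__":
    print(nodes_one_line())
    print(nodes_per_line())
    print(event_counts())
```

The point the renderer makes visible is that a section body is emitted once per bucket, so any separator (a newline, or the <.br> tag from the other reply) has to sit inside the section, before the closing tag, rather than after it. Because the destination treats the message as HTML, field values that come from logs (hostnames, event messages) should go through the escaping form of the tag; the renderer above escapes <, > and & for {{ }} and only emits raw text for {{{ }}}, which is the Mustache convention, but check what your alerting version actually does before relying on it.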