im trying to add a custom field from the table of the event but it dosent pass the value into the teams webhook
Hi @fontexD
Which version of ES/Kibana are you using?
Before 8.8, action has in its context array of alerts. So, to get property from alert, you would need to do something like this:
- Get property from the first only alert
{{#context.alerts.0}}{{custom.property}}{{/context.alerts.0}}
- Get all properties from array
{{#context.alerts}}{{custom.property}}{{/context.alerts}}
Thanks, Vitalii
how would i get this one ? im using 8.8 :=)
i tried all of this
{
"alert_id": "{{alert.id}}",
"alert_action_group": "{{alert.actionGroup}}",
"alert_action_subgroup": "{{alert.actionSubgroup}}",
"alert_action_group_name": "{{alert.actionGroupName}}",
"kibana_base_url": "{{kibanaBaseUrl}}",
"rule_id": "{{rule.id}}",
"rule_name": "{{rule.name}}",
"rule_description": "{{rule.description}}",
"user": "{{user.target.name}}",
"user": "{{winlog.event_data.TargetUserName}}"
IT WORKED! thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.