Hello,
I want to send Kibana alerts to an index in Elasticsearch. For this purpose I created a rule and selected the index type connector. But I also need the alert status, and when I tried some variables to show the alert status, none of them worked.
Here is my JSON document for the index:
{
  "alert_id": "{{alert.id}}",
  "rule_id": "{{rule.id}}",
  "status": "{{*}}", // I have also tried {alert.status}, {kibana.alert.status}, and {context.status}
  "reason": "{{context.reason}}",
  "service_name": "{{context.serviceName}}",
  "date": "{{date}}"
}
However, the status field remains empty in the index. For example, the indexed alert appears like this:
{
  "_index": "kibanalert-dev",
  "_id": "_7diD5IBcuQynkqd-uSP",
  "_score": 1,
  "_source": {
    "alert_id": "my-ms_request",
    "rule_id": "4de0ed90-7745-11ef-942e-71e8069c78d5",
    "status": "",
    "reason": "Avg. latency is 1.0 ms in the last 5 mins for service: my-ms, env: dev, type: request. Alert when > 1,000 μs.",
    "service_name": "my-ms",
    "date": "2024-09-20T12:23:15.167Z"
  }
}
Is there a specific variable I should use to correctly capture the status? Or is there a way to check the alert status before sending it to the index?
Thanks in advance!