Creating an alarm that outputs the group name

tractor_boy · February 4, 2026, 11:00am

I am trying to build an alert that emits data via a web hook. The alert has grouping, so multiple alerts can fire an any one time.

What I’ve not managed to do is get the group name to be included in the data sent through the web hook.

This is key as each alert goes to a ticket management system, and I need to know what the alert relates to. Without this information then the alert is pretty useless!

I am on elastic 8.15.3 using stack management, custom threshold.

I have the alert firing and creating separate alerts, just not able to output the group name.

I have tried the {{}} options and none see to be populated, at least not for those that could possibly contain the group name

Tortoise · February 5, 2026, 7:00am

Hello @tractor_boy

For below alert group :

So to get the group name i.e. customer_gender :

 "gender": "{{context.group.0.value}}"

Which returns :

  "gender": [

      "MALE"

    ],

If you have confusion try to just use {{context}} & than break the message and see how you can reach the field value…so if you have 2 fields as part of group you might have to use group.1.value to fetch value of 2nd field.

Incase it does not solve your problem kindly share the rule/data in order to understand how groupname can be extracted from the document.

Thanks!!

Topic		Replies	Views
Create and alert based on a GROUP BY Logs elastic-stack-alerting	9	853	September 11, 2024
How specify groupby value in a observability rule Elastic Observability	2	68	May 21, 2025
Context group not visible in rule Kibana elastic-stack-alerting	1	25	December 15, 2025
How to add host name in the alerts UI table Elastic Observability elastic-stack-alerting , painless	7	326	August 21, 2024
Kibana - Metric Threshold Alert - {{context.group}} Kibana elastic-stack-alerting	2	821	February 17, 2023

Creating an alarm that outputs the group name

Related topics