Email action message

ramiwashere · September 26, 2023, 3:55pm

Hello,

I have an alert using rule from security section.
My aim is to gather some information into the mail alert from the alert:

In my example, I would like to take the username & the ip:

{{#context.hits}} Username:  {{_source.source.user.name}} - IP: {{_source.destination.ip}}
{{/context.hits}}

I try several different configuration following links like Rule action variables | Kibana Guide [8.10] | Elastic.

But everytimes, there is a blank on my email alert.

Anyone experienced this ?
Any clue is appreciated

Thank you

system · October 24, 2023, 3:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding a kibana variable in a email alert message Kibana	2	187	September 27, 2023
Kibana Email Alert Kibana elastic-stack-alerting	8	3415	July 1, 2022
Help with rule variables(email alert) Kibana elastic-stack-alerting	5	2356	October 6, 2021
Unable to format rule/alert in Kibana Kibana elastic-stack-alerting , detection-rules	4	394	April 23, 2024
How to add the "hostname" and "environment" variables in the "message body" of the email alert sent from Watcher in Kibana? Kibana elastic-stack-alerting	5	1299	February 22, 2023