Help with rule variables(email alert)

I would like to know if it is possible for me to use the value of an event field in the email notification of a rule, for example, in the log index comes the fields with IP, SRC, ATTACK_INFO, severity and others, and I would like to put these fields in the body of the notification via email (of the event that generated the alert). Would it be possible to do something like {{SRC}} and put it in the body of the email, and in the alert it brings the value of this field?

1 Like


Can you please look at this doc? Create and manage rules | Kibana Guide [7.x] | Elastic

From what I see - this looks possible?


Each rule type exposes a set of variables prefixed with context. for use in actions like email. Which rule type are you using? Under this section of the documentation, you can see the variables that are available in a popup window displayed when clicking the blue button next to an action field - Create and manage rules | Kibana Guide [7.x] | Elastic

okay thanks!, I'll take a look at the documentation. I have one more question about alerts (email connector), can I use HTML on it?

The email connector expects the message parameter to be in markdown format, and will then convert that to HTML after expanding the mustache templates. The email is then sent multi-part, with the generated HTML as text/html, and the markdown after expanding the mustache templates as text/plain. It should render as HTML in email clients that support HTML.

The markdown processor is configured to NOT accept inline html, for security reasons.

more info here: Email connector and action | Kibana Guide [7.14] | Elastic