Hi all,
I have a simple rule with two groupBy fields (Client, hostname) that triggers an alert for each (Client, hostname) pair.
I created an index action; I just want to set the target index fields with the two groupBy values,
but it doesn't work: the two fields are empty.
I think I am not using the right syntax to access the groupBy values: {{context.group.Client}} and {{context.group.hostname}}
Any idea?
PUT kbn:/api/alerting/rule/140985cd-b567-4a3b-83b5-67478d7e6115
{
"name": "NABLE - server - Disk%",
"tags": [
"easyServer"
],
"schedule": {
"interval": "15m"
},
"params": {
"criteria": [
{
"comparator": ">",
"metrics": [
{
"name": "A",
"aggType": "count"
}
],
"threshold": [
0
],
"timeSize": 1,
"timeUnit": "h"
}
],
"alertOnNoData": false,
"alertOnGroupDisappear": false,
"searchConfiguration": {
"query": {
"query": "category :\"easyServer\" and serviceName :\"Disk\" and notificationState :\"Failed\" ",
"language": "kuery"
},
"index": "051856ce-a499-4db3-b676-ca8c1c5885dd"
},
"groupBy": [
"Client",
"hostname"
]
},
"actions": [
{
"group": "custom_threshold.fired",
"id": "elastic-cloud-email",
"params": {
"message": "Reason : {{context.reason}}\nActionGroup : {{alert.actionGroup}}\nActionGroupName : {{alert.actionGroupName}}\nAlertConsecutiveMatch : {{alert.consecutiveMatches}}\n\nContext.alertetailUrl : ({{context.alertDetailsUrl}})\n",
"to": [
"xxxx@tttt.fr"
],
"subject": "alerte_elk Pack easyServer - Alerte Disque sur {{context.group.hostname}} "
},
"frequency": {
"notify_when": "onActionGroupChange",
"throttle": null,
"summary": false
},
"uuid": "e3a4937d-6658-4403-96f9-c33ffb12ff95"
},
{
"group": "custom_threshold.fired",
"id": "d7dc0561-77a5-49a7-b844-4b3817450cb3",
"params": {
"documents": [
{
"offre": "easyServer",
"alertName": "DiskUsage",
"alertData": "",
"alertLevel": "Error",
"customer": "{{context.group.Client}}",
"hostname": "{{context.group.hostname}}",
"alertProvider": "nable"
}
]
},
"frequency": {
"notify_when": "onActiveAlert",
"throttle": null,
"summary": false
},
"uuid": "6fcda818-e583-434f-a7eb-a8f3777ce264"
}
]
}