How to add hostname value in email subject or body

Hi,

I would like to add 'hostname' in email subject or body whenever i get 'Failed authentication error' in log messages. I have created an index and it has data for 3 servers. So whenever we see auth error in logs, i would like to send email alert with hostname.

{
  "trigger": {
    "schedule": {
      "interval": "24h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "kafka-broker-sac1*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [],
              "filter": [
                {
                  "match_all": {}
                },
                {
                  "match_phrase": {
                    "message": {
                      "query": "Failed authentication with"
                    }
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "from": "now-30m",
                      "to": "now"
                    }
                  }
                }
              ],
              "should": [],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 30
      }
    }
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "attachments": {
          "attached_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "to": [
          "xxx@xxx.com"
        ],
        "subject": "Failed authentication error recently encountered on kafka-broker-sac1",
        "body": {
          "text": "{{ctx.payload.hits.total}} Errors have occured in the logs:{{_source.message}}"
        }
      }
    }
  }
}

Below is one example of log message-

@timestamp Mar 30, 2021 @ 09:25:33.903
@version 1
_id oR70g3gBr9_-7IbXZO9p
_index kafka-broker-sac1-nonprod-aws-2021.03.30
_score -
_type _doc
agent.ephemeral_id 91a9e58c-3347-4753-b8db-5568ab3d9475
agent.hostname kafka300006
agent.id 2774444d-da99-407a-bedb-8e20fa124a5a
agent.name kafka300006
agent.type filebeat
agent.version 7.9.3
ecs.version 1.5.0
environment.name dev
host.name ed1vebkfk300006
input.type log
log.file.path /var/log/kafka/kafka.log
log.offset 5,929,558
message [2021-03-30 09:25:33,135] INFO [SocketServer brokerId=1001] <mark>Failed</mark> <mark>authentication</mark> with /10.216.1.169 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)
tags beats_input_codec_plain_applied
top.ingest_latency 1
top.ingest_method beats
top.ingest_time Mar 30, 2021 @ 09:25:35.009
top.message_size 719

A few discussions + examples: