How to add the "hostname" and "environment" variables in the "message body" of the email alert sent from Watcher in Kibana?

Shiva_Subramaniyan · January 19, 2023, 6:24am

Hi,

We had created Watcher and configured alert rules to send the email when a threshold is breached.

The email body should contain the "hostname" and the corresponding "environment" when it is triggered.

We tried to use {{context.hostname}} as well as {_source.hostname} in the message body of the alert while configuring the rule and either of them did not work.

Can someone let us know how to get these variables into the message body of the alert while configuring it in Kibana?

Shiva_Subramaniyan · January 19, 2023, 6:54am

We have the following fields in our index to get the hostname and environment variables:

fields.app.env
host.hostname
agent.hostname

We have configured the alert based on the "message content" received in one of the "index" and we have these fields in this index. We need to get the appropriate "hostname" and "environment" in the email when a alert is triggered from this "index". Please send in your suggestions.

richcollier · January 19, 2023, 5:29pm

Watcher has a different "context" than Kibana Alerts' context.

If you want to see examples of pulling variable values in a Watch, look at some of the examples: examples/Alerting/Sample Watches at master · elastic/examples · GitHub

Shiva_Subramaniyan · January 23, 2023, 4:53pm

Hi,

When we use the following for "hostname" and the "environment" we are getting multiple values based on the number of "hits" and we want to get the UNIQUE "hostname" and "environment" values in our email alerts in Kibana

{{#context.hits}}
Hostname: {{_source.host.name}}
{{/context.hits}}

{{#context.hits}}
Environment: {{_source.fields.app.env}}
{{/context.hits}}

Can someone guide us in this regard?

richcollier · January 25, 2023, 11:03pm

Ok...seems like you're using Kibana Alerts and not Watcher after all.

But, what flavor of Kibana Alert Rule are you using? As for as I know, only the "Elasticsearch query" rule type will produce hits so that you can iterate through them using the {{#context.hits}}
syntax referenced.

system · February 22, 2023, 11:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana, Alerts and Actions, does not allow adding hostname in the message Kibana elastic-stack-alerting	6	2319	October 23, 2020
Templating email notifications Kibana	6	281	June 2, 2023
Custom variables in Kibana Alerts Kibana elastic-stack-alerting	16	3950	October 28, 2020
How to include the hostname and location of the log within Watcher alerts? Elasticsearch elastic-stack-alerting	3	2274	February 16, 2017
How include the hostname and location of the log within Watcher alerts? Elasticsearch	2	728	July 31, 2018

How to add the "hostname" and "environment" variables in the "message body" of the email alert sent from Watcher in Kibana?

Related topics