How to add the "hostname" and "environment" variables in the "message body" of the email alert sent from Watcher in Kibana?

Hi,

We had created Watcher and configured alert rules to send the email when a threshold is breached.

The email body should contain the "hostname" and the corresponding "environment" when it is triggered.

We tried to use {{context.hostname}} as well as {_source.hostname} in the message body of the alert while configuring the rule and either of them did not work.

Can someone let us know how to get these variables into the message body of the alert while configuring it in Kibana?

We have the following fields in our index to get the hostname and environment variables:

  1. fields.app.env
  2. host.hostname
  3. agent.hostname

We have configured the alert based on the "message content" received in one of the "index" and we have these fields in this index. We need to get the appropriate "hostname" and "environment" in the email when a alert is triggered from this "index". Please send in your suggestions.

Watcher has a different "context" than Kibana Alerts' context.

If you want to see examples of pulling variable values in a Watch, look at some of the examples: examples/Alerting/Sample Watches at master · elastic/examples · GitHub

Hi,

When we use the following for "hostname" and the "environment" we are getting multiple values based on the number of "hits" and we want to get the UNIQUE "hostname" and "environment" values in our email alerts in Kibana

{{#context.hits}}
Hostname: {{_source.host.name}}
{{/context.hits}}

{{#context.hits}}
Environment: {{_source.fields.app.env}}
{{/context.hits}}

Can someone guide us in this regard?

Ok...seems like you're using Kibana Alerts and not Watcher after all.

But, what flavor of Kibana Alert Rule are you using? As for as I know, only the "Elasticsearch query" rule type will produce hits so that you can iterate through them using the {{#context.hits}}
syntax referenced.