How to extract specific data from extraction query response

I am using an extraction query in a monitor to alert me in case the email I send to a user bounces. I am able to get the trigger to work and receive an alert on Slack.
I would like to include the user's email in the alert too. Is there any way to extract the user's email from the query responses?
{
  "version": true,
  "size": 500,
  "sort": [
    {
      "orig_timestamp": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "orig_timestamp",
        "fixed_interval": "12h",
        "time_zone": "xxx",
        "min_doc_count": 1
      }
    }
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "orig_timestamp",
      "format": "date_time"
    }
  ],
  "_source": {
    "excludes": []
  },
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "Bounce",
            "analyze_wildcard": true,
            "time_zone": "xxx"
          }
        }
      ],
      "filter": [
        {
          "match_phrase": {
            "_index": "xxx"
          }
        },
        {
          "range": {
            "orig_timestamp": {
              "gte": "2021-04-24T20:33:14.329Z",
              "lte": "2021-06-08T20:33:14.329Z",
              "format": "strict_date_optional_time"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  }
}

Hello,

I don't think this is possible currently. There's an open issue that describes a similar request. You might want to take a look and comment if you'd like!

Regards,
Aaron

Hi,
Would it at least be possible to get the entire log into and display it with the alert message in Slack?
Thanks for the help.
