The following is some of the fields from the elastalert; but learned that the match_body is an object that cannot be recognized/used on kibana. (Kibana index refresh does not get the ? marks away)
t index elastalertstatus
t _type elastalert
t alert_info.command echo Alert Raised: cpu > 70
t alert_info.type command
alert_sent true
alert_time April 17th 2017, 12:42:17.534
? match_body.@timestamp 2017-04-17T16:42:16.533541Z
? match_body.cpu_max 81
? match_body.num_hits 32
? match_body.num_matches 1
But still I'm wondering any approach (from a simple to a bit complicated) could enable me to use the fields.
Thanks guys.