I have created a rule using Kibana rules by following the steps below:
- Created a new rule by selecting "Rule" under the "Security" section
- Then selected the rule type as "Event Correlation", wherein I added the index pattern and wrote the EQL (which included the `where` condition to include the events)
- Added the required fields in the Action section, and then saved the rule.
I am getting the email alerts based on the condition written, but the alerts are such that:
Suppose a single mail contains the content below:
ClientName: ABC
HostName: ABC
ClientName: ABC
HostName: ABC
ClientName: DEF
HostName: DEF
But I want to group the mail so that each mail has data related to only 1 clientName. As in this case, the email should have contained data only for those clients whose name is ABC, whereas the data of clientName DEF should be sent in a different mail.
Is there a way to achieve this type of grouping based on the clientName? A similar situation can be handled using Watcher, as given in this answer, but can anyone please let me know the ideal way to do that in my case?