I want to ask something about alerting here. I already created a rule to notify me if there is a certificate that will expire in a few days, through the server log, which is kibana.log, like this
Due to the different types of certificates that exist, in which there are manual-renew and auto-renew, I want to display those tags in the message, so that the script that I made can be given conditions (if else) based on the value of the field tags. What variables can I use to display the tags there? I tried using {{_source.tags}} but it didn't work
The rule message template has a predefined list of variables, so {{_source.tags}} won't work. You can see and add these variables by clicking on the add button. Please check the screenshot below.
Hi @yuswanul, as mentioned above, the available action variables can be seen in the dropdown. For this specific case, you should be able to access the tags under {{rule.tags}}
So, it is not possible to retrieve the value of the field from the index in this version? Or will it be available in the next version? Because it really helps, so I hope this feature will be considered for the next version
@yuswanul Gotcha. I misunderstood. The availability of the fields inside _source is dependent on the rule type and it does not look like the Uptime TLS alert gives access to that as an action variable.
How about Elasticsearch query? Is it possible to use that? Maybe we can calculate the expiry date of the certificate, then subtract today's date from it first. After that, maybe we call the value of the tags field in the alert message