How to Show the Value of tags When Using Server Log Connector

Hello everyone,

I want to ask something about alerting here. I already created a rule to notify me if there is a certificate that will expire in a few days through the server log, which is kibana.log, like this

Due to the different types of certificates that exist, in which there are manual-renew and auto-renew, I want to display those tags in the message, so that the script that I made can be given conditions (if/else) based on the value of the tags field. What variables can I use to display the tags there? I tried using {{_source.tags}} but it didn't work.

This is the tags value from Discover

And FYI, I used Elastic version 7.17.0


Hi @yuswanul

The rule message template has a predefined list of variables, so {{_source.tags}} won't work. You can see and add these variables by clicking on the add button. Please check the screenshot below.

Have a great day, and thanks for reaching out!

Hi @yuswanul, as mentioned above, the available action variables can be seen in the dropdown. For this specific case, you should be able to access the tags under {{rule.tags}}

So, is it not possible to retrieve the value of the field from the index in this version? Or will it be available in the next version? Because it would really help, I hope this feature will be considered for the next version.

{{rule.tags}} just gives me the tags of the rule, not the tags of the data in Discover.

@yuswanul Gotcha. I misunderstood. The availability of the fields inside _source is dependent on the rule type and it does not look like the Uptime TLS alert gives access to that as an action variable.

How about Elasticsearch query? Is it possible to use that? Maybe we can calculate the expiry date of the certificate, then subtract today's date from it first. After that, maybe we call the value of the tags field in the alert message.

On Thu, 19 Jan 2023 at 20.32, Ying M via Discuss the Elastic Stack <> wrote: