I want to configure a threshold alert: if totaltime exceeds 500, then mail should be sent to the user.

I am able to send mail with some information, but the particular data I want to fetch should be in a table.


I pasted the alert configuration at this link: https://pastebin.com/A6fDZYKY

Field Name and index name as follows:

Hi Anant
Glad I could help you with your code earlier. One thing I didn't correct in that code is the "size": 0, part. You should remove it because it causes no document (hit) to be returned, only the count! That's why you see no data. You could also limit which fields are returned if you want.

You could try to run just the query part of your watcher through the Kibana console (developer tools) to see if you get hits (you could also play with the time period to get more hits).

Yes, it worked, but the data is not coming in table form:

Ok, did you sanitize HTML tags? Look here
You can inspect your watcher execution history to see what happened. In Kibana on the left side under the Elasticsearch group select Watcher, then from the list select your watcher, then from a list of execution history select one, e.g. most recent one. That will open a JSON file in the right part of your screen. Navigate towards the bottom of it and find the email action (if the watcher condition was met the action will be performed). There you should see your email HTML body, inspect it if it was constructed as you need it to be (are all the tags needed for a table there, or you can copy the whole HTML and paste it in some online HTML editor or something).
You can get the watcher execution result if you run it through developer tools (Kibana console) by executing
PUT _watcher/watch/<your_watcher_name>/_execute
and look for the email body as explained above.

P.S.
Copy the email body, hide the sensitive data (replace them with something) and paste it here so we can see it

Yes I have configured:
xpack.notification.email.html.sanitization.allow: true
xpack.notification.email.html.sanitization:
  allow: _tables, _blocks
  disallow: h4, h5, h6

Watcher JSON data: https://pastebin.com/SrBpts5X

mail Output and alert Config:

elastic config:

If you're constructing the table as I showed you how, with the styles for <table>, <th>, and <td> tags

"body": {
	"html": "<p>Hello Team,There are {{ctx.payload.hits.total}} long running process on these sever in the last minute. Find details below:</p><p><table style='border-collapse:collapse;border-spacing:0;border-color:#ccc'><tr><th style='font-weight:bold;padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:inherit;color:#333333;background-color:#c0c0c0;text-align:center;vertical-align:middle'>Server</th><th style='font-weight:bold;padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:inherit;color:#333333;background-color:#c0c0c0;text-align:center;vertical-align:middle'>Process</th><th style='font-weight:bold;padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:inherit;color:#333333;background-color:#c0c0c0;text-align:center;vertical-align:middle'>User</th><th style='font-weight:bold;padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:inherit;color:#333333;background-color:#c0c0c0;text-align:center;vertical-align:middle'>Time</th></tr> {{#ctx.payload.hits.hits}} <tr><td style='padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#ccc;color:#333;background-color:#fff;text-align:left;vertical-align:top'> {{_source.server}}</td><td style='padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#ccc;color:#333;background-color:#fff;text-align:left;vertical-align:top'> {{_source.process}}</td><td style='padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#ccc;color:#333;background-color:#fff;text-align:left;vertical-align:top'> {{_source.user}}</td><td style='padding:4px 8px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#ccc;color:#333;background-color:#fff;text-align:left;vertical-align:top'> {{_source.totaltime}}</td> </tr> {{/ctx.payload.hits.hits}} </table></p> <p>Regards, Team Admin</p>"
}

then the problem could be that you need to add _styles to your allowed sanitized items. E.g. these are my settings:

xpack:
  notification:
    email:
      html:
        sanitization:
          allow: "_tables, _blocks, _formatting, _styles"

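Added example (not part of the original thread, and not Elastic's code): a small Python check that reports which `sanitization.allow` entries an email body needs before the sanitizer strips its tags or inline styles. The group contents are taken from the Watcher email documentation as an assumption, and `missing_allow_entries`, `TagCollector` and `SAMPLE_BODY` are hypothetical names.

```python
from html.parser import HTMLParser

# Allow-list groups as described in the Watcher email sanitization docs
# (assumption: check the list for your Elasticsearch version).
GROUPS = {
    "_tables": {"table", "th", "tr", "td", "caption", "col", "colgroup",
                "thead", "tbody", "tfoot"},
    "_blocks": {"p", "div", "h1", "h2", "h3", "h4", "h5", "h6",
                "ul", "ol", "li", "blockquote"},
    "_formatting": {"b", "i", "s", "u", "o", "sup", "sub", "ins", "del",
                    "strong", "strike", "tt", "code", "big", "small",
                    "br", "span", "em"},
}

# Constructed sample: a shortened version of the table body from the thread.
SAMPLE_BODY = (
    "<p>Hello Team</p><table style='border-collapse:collapse'>"
    "<tr><th style='font-weight:bold'>Server</th></tr>"
    "{{#ctx.payload.hits.hits}}<tr><td style='padding:4px 8px'>"
    "{{_source.server}}</td></tr>{{/ctx.payload.hits.hits}}</table>"
)

class TagCollector(HTMLParser):
    """Records every element used and whether any carries a style attribute."""
    def __init__(self):
        super().__init__()
        self.tags, self.styled = set(), False

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        self.styled = self.styled or any(name == "style" for name, _ in attrs)

def missing_allow_entries(html_body, allow):
    """Return the allow entries the body needs but `allow` does not grant."""
    # Assumption: an entry that is not a known group counts as an element name.
    granted = set().union(*(GROUPS.get(e, {e}) for e in allow))
    collector = TagCollector()
    collector.feed(html_body)
    missing = {next((g for g, m in GROUPS.items() if tag in m), tag)
               for tag in collector.tags - granted}
    if collector.styled and "_styles" not in allow:
        missing.add("_styles")  # inline style attributes would be stripped
    return sorted(missing)

if __name__ == "__main__":
    print(missing_allow_entries(SAMPLE_BODY, ["_tables", "_blocks"]))
```

Paste the HTML body from the watcher execution history into `missing_allow_entries` together with your configured allow list; an empty result means every element and style attribute in the body is covered.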
Yes, thanks. It worked for me. Thanks for the solution which you provided.


I am using Kibana version 7.9 and using the alert and reporting features with a one-month trial license. My question: is there any way I can install a plugin like sentinl, which is not compatible with 7.9?

Could you suggest any free, open-source plugin which I can use instead of buying a license?

Hi Josip

Do you have any idea?