Hi - I am trying to capture a field value (message and host.name) from a trigger into the content of a webhook payload. Is there some other way I should be referencing the fields to get the values to pull into the message?
Below is the message I am using, followed by the preview (note the values for _source.message and _source.host.name are empty). I am here trying two different methods to pull the values (one for message and one for host.name).
{
"event_action": "trigger",
"payload": {
"summary": "{{ctx.monitor.name}} has entered alert state via {{ctx.trigger.name}} and {{ctx.payload.hits.hits.0._source.message}} and {{ctx.results[0].hits.hits[i]._source.host.name}}. Please reference SOP at https://some/SOP/location.",
"source": "Kibana Monitor",
"severity": "info",
}
}
}
{
"event_action": "trigger",
"payload": {
"summary": "Test for Alerting Two has entered alert state via Test for Alerting Two Trigger and and . Please reference SOP at https://some/SOP/location.",
"source": "Kibana Monitor",
"severity": "info",
}
}
}
I can confirm that an actual triggering of this alert does push the payload as shown in the preview, meaning the message and host.name values don't come through. The below is the response returned by the query that dictates the monitor. I can see that message and host.name fields are both populated with values -- these are the values I'm trying to inlcude in the webhook payload.
{
"_shards": {
"total": 20,
"failed": 0,
"successful": 20,
"skipped": 0
},
"hits": {
"hits": [
{
"highlight": {
"source": [
"S:\\Projects\\@kibana-highlighted-field@axcelerate.APP_Server_Monitoring@/kibana-highlighted-field@\\WEB-INF\\logs\\@kibana-highlighted-field@app_server_monitoring.log@/kibana-highlighted-field@"
],
"message": [
"[@kibana-highlighted-field@2019@/kibana-highlighted-field@-@kibana-highlighted-field@09@/kibana-highlighted-field@-@kibana-highlighted-field@18@/kibana-highlighted-field@ @kibana-highlighted-field@03@/kibana-highlighted-field@:@kibana-highlighted-field@36@/kibana-highlighted-field@:@kibana-highlighted-field@22,268@/kibana-highlighted-field@] https-jsse-nio-8443-exec-24 [DEBUG] [] ApplicationManagementServlet service: @kibana-highlighted-field@check@/kibana-highlighted-field@ @kibana-highlighted-field@state@/kibana-highlighted-field@ @kibana-highlighted-field@called@/kibana-highlighted-field@"
]
},
"_index": "filebeat-6.6.0-2019.09.18",
"_type": "_doc",
"_source": {
"offset": 1052335,
"log": {
"file": {
"path": "S:\\Projects\\somepath.log"
}
},
"prospector": {
"type": "log"
},
"source": "S:\\somepath\\somelog.log",
"type": "beats",
"message": "some message",
"tags": [
"beats_input_codec_plain_applied"
],
"input": {
"type": "log"
},
"@timestamp": "2019-09-18T10:39:27.105Z",
"meta": {
"cloud": {
"machine_type": "r3.8xlarge",
"availability_zone": "us-east-1c",
"instance_id": "i-someid",
"provider": "ec2",
"region": "some-region"
}
},
"beat": {
"hostname": "ABCD1234",
"name": "ABCD1234",
"version": "6.6.0"
},
"@version": "1",
"host": {
"os": {
"build": "7601.32548",
"name": "Windows Server 2008 R2 Datacenter",
"family": "windows",
"version": "6.1",
"platform": "windows"
},
"name": "ABCD1234",
"id": "some id",
"architecture": "x86_64"
}
},
"_id": "some id",
"sort": [
1568803167105
],
"_score": null,
"fields": {
"@timestamp": [
"2019-09-18T10:39:27.105Z"
]
},
"_version": 1
}
],
"total": {
"value": 1,
"relation": "eq"
},
"max_score": null
},
"took": 95,
"timed_out": false,
"aggregations": {
"2": {
"buckets": [
{
"key_as_string": "2019-09-18T06:30:00.000-04:00",
"doc_count": 1,
"key": 1568802600000
}
]
}
}
}
Screenshot of Kibana UI:
