Hello everyone, how can I take fields from the metricbeat index and add them to the body of my email, as shown in the example on the green line?
this my rule
and this my definition email
if you could guide me thank you
Regards
and this my definition email
Think that the alert is going to run an aggregation so when the alert triggers it does not know from which server it's coming. You need to group by host.name or host.ip to create alert groups.
From the docs:
The Group alerts by creates an instance of the alert for every unique value of the field added. For example, you can create a rule per host or every mount point of each host. You can also add multiple fields. In this example, the rule will individually track the status of each host.name in your infrastructure. You will only receive an alert about host-1, if `host.name: host-1 passes the threshold, but host-2 and host-3 do not.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.