Is it possible to access specific fields within Action boxes under Alerts in Kibana?
For example, I want to alert when the field "host.status" equals down. This is easy using the Elasticsearch Query. After this query matches, I need to send an email with the various info.
I have a field called "host.url" which contains the URL of the hosts. I am struggling with how I can access and bring this field into the message text box under action.
This was previously possible with Watcher, so I am thinking it should be possible here.
I am running Elastic/Kibana 7.13.4, trying to migrate away from Watcher.
If you are using the Elasticsearch Query alert, you should be able to use mustache syntax to access document information inside your action. Documentation is available here: Elasticsearch query | Kibana Guide [master] | Elastic
The documents are available within the context.hits context variable, which is an array containing the matching documents. In order to access a field like host.status, try something like this:
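An added example, not part of the original reply, of an action message body that loops over context.hits with a Mustache section. It assumes each entry in context.hits is a raw Elasticsearch hit with the document fields under _source, and that host is stored as an object with url and status keys.

```mustache
{{! Added example. Assumes document fields sit under _source in each hit. }}
The following hosts are reporting down:

{{#context.hits}}
- {{_source.host.url}} (status: {{_source.host.status}})
{{/context.hits}}
{{^context.hits}}
No matching documents were returned with this alert.
{{/context.hits}}
```

The values rendered here come straight from indexed documents, so keep the double-brace form, which leaves escaping enabled, rather than switching to triple braces.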