Kibana alerts

Anandhu_R_K · December 15, 2022, 8:27pm

Hi Team,

I have an elasticsearch query type rule configured for my index to detect certain fields with particular values. Also i have an corresponding email connector configured in which I am configuring my custom content using {{context.hits}}. So to achieve this custom content i need to get the very first occurred timestamp of the hits to be displayed in the email content, for which i tried using {{context.hits.0._source.@timestamp}} which is returning only the recent timestamp from the hits.

I want my email content to have the timestamp of first occurred event from the hits.

bhavyarm · December 21, 2022, 10:51pm

@ying.mao / @Patrick_Mueller can we please get some help?

Thanks,
Bhavya

ying.mao · December 22, 2022, 1:12pm

@Anandhu_R_K We use the mustache library for action templating and unfortunately, there is not a way to get the last element of an array using mustache, which is what we would want in this scenario.

Anandhu_R_K · December 22, 2022, 1:47pm

@ying.mao Can we expect this feature for getting the last element of an array in upcoming releases.

ying.mao · December 22, 2022, 2:28pm

@Anandhu_R_K We do have some updates to our action templating on our roadmap but we do not have a specific version we're targeting yet. You can follow this meta issue for updates: [Alerting][Discuss] meta issue on mustache templating and action parameter processing · Issue #79786 · elastic/kibana · GitHub

Anandhu_R_K · December 22, 2022, 3:03pm

Sure, Thank You @ying.mao @bhavyarm

system · January 19, 2023, 3:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.