Kibana watcher : Send message field in if log level is ERROR

Elastic Stack Kibana
1

i have configure watcher in kibana to notify me via email if there are ERROR in log level. for couple indices.

input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"xxxx.-*"
],
"types": [],
"body": {
"size": 0,
"query": {
"match": {
"log-level.keyword": "ERROR" }}}}}

Email actions code is below

"email_admin": {
"email": {
"profile": "standard",
"to": [
"chandrakant.rvce@gmail.com"
],
"subject": "Encountered {{ctx.payload.hits.total}} Infos",
"body": {
"html": "Too many log-level ERROR found in logs" }}}

As part of the email i want to send the message field for the ERROR. How do i do it ?

2

Hello,

Please take a look at this discuss post - Include Fields in Watcher Email Alert - #5 by MultiplierMultiplier

You need to include ctx.payload

Thanks,
Bhavya

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.