Hi,
I set up a Log threshold alert to Slack when number of error log lines exceeds a certain limit.
Is there a way to alert to Slack the actual log message body? I searched for a way and the only variables I see I can add to the message relates to the context, query, etc..
Looking forward for you answer 
Thanks,
Ido
Hi,
I'm sorry but this functionality doesn't exist at the moment. However, we are aware this is an enhancement many are looking for, and it's something we'll hopefully be looking into by creating more specific rule types in the future (however I can't give any timeframes).
There is a conversation about this in progress in [Logs UI] Make matching documents available in log threshold alert action context · Issue #112447 · elastic/kibana · GitHub. You're welcome to weigh in over there too.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.