MS teams alerts not getting triggered

Sumit_Kumar1 · October 9, 2019, 6:32am

MS teams alerts not getting triggered .

I am sharing my configuration .

{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"xg_elastalert_status_write_error"
],
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"match": {
"_type": "elastalert_error"
}
}
]
}
},
{
"range": {
"@timestamp": {
"gte": "now-100m"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"sumitkumar.singh@in.imshealth.com"
],
"subject": "Elastalert Failure {{ctx.payload.hits.hits.0._source.@timestamp}}",
"body": {
"text": "Failure Message : {{ctx.payload.hits.hits.0._source.message}}\n Message: {{ctx.payload.hits.hits.0._source.message}}\n"
}
}
},
"MS_Teams": {
"webhook": {
"scheme": "https",
"host": "outlook.office.com",
"port": 443,
"method": "post",
"path": "/webhook/b382dfec-3a3b-42d8-937f-89230bac95ad@5989ece0-f90e-40bf-9c79-1a7beccdb861/IncomingWebhook/3167e19281ee424285fe1ad3c0992f88/149a0b7b-ff63-48c1-ba38-1dee90dc2c12",
"params": {},
"headers": {},
"body": "t"
}
}
}
}

Sumit_Kumar1 · October 9, 2019, 9:23am

Hi i have resolved it . Now , it's working fine .

cjcenizal · October 9, 2019, 6:39pm

Hi Sumit, thanks for letting us know. Would you mind sharing your solution?

Sumit_Kumar1 · October 12, 2019, 3:38pm

I have used transform then used that script as JSON in body .

  "MS_Teams": {
  "transform": {
    "script": {
      "source": "return ['text':'Found ' + ctx.payload.hits.total]",
      "lang": "painless"
    }
  },
  "webhook": {
    "scheme": "https",
    "host": "outlook.office.com",
    "port": 443,
    "method": "post",
    "path": "/webhook/b382dfec-3a3b-42d8-937f-89230bac95ad@5989ece0-f90e-40bf-9c79-1a7beccdb861/IncomingWebhook/3167e19281ee424285fe1ad3c0992f8",
    "params": {},
    "headers": {
      "Content-Type": "application/json"
    },
    "body": "{{#toJson}}ctx.payload{{/toJson}}"
  }
}

system · November 9, 2019, 3:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.