Hi,
I'm currently struggling with kibana alerting.
I've made a Log threshold alert that's working fine but i would need, in my final document, to have values from context.group split in multiples fields (split char would be ,).
From what i understood i can use mustache to do so since i should be able to add JS to it but i didn't find any clue on how to do so.
I was also wondering, is it possible to do so without adding JS and by only using templates ?
Thanks by advance for your help.
Currently there is no way to add additional mustache processing, so I don't believe you can perform a "split" the way you are thinking of. Until we have such a capability, the "split" would need to be provided by the alert itself. I'm not seeing that variables like that are currently available, but I'm not completely familiar with this alert type.
I think the best thing to do at this point is to create an issue in Kibana for this, as a feature request. Sign in to GitHub · GitHub
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.