Hello,
I have an issue using the email_from_field ... field. I created a basic alert, which is triggered (I tested without email_from_field and with the "email" filled).
But I never received any mail on the mail transmitted by my alert.email.to field, with my "mail" field filled or not.
So I guess the problem comes from my alert.email.to field? This field is added to my metricbeat data from the metricbeat.yml fields with fields_under_root True.
Here is my alert file:
es_host: localhost
es_port: 9200
name: test email LOUIS
index: metricbeat*system*
type: frequency
timeframe:
  minutes: 10
num_events: 1
realert:
  minutes: 30
filter:
- range:
    system.memory.used.pct:
      from: 0
      to: 1.0
- term:
    metricset.name: memory
- term:
    host.name: Ordi500500
query_key: host.name
query_delay:
  minutes: 2
alert_text_type: alert_text_only
include: ["host.name"]
alert:
- "email"
email_from_field: "alert.email.to"
alert_subject: "[TEST ELK ALERT]"
alert_text: "TEST"
email:
- ""
cc:
- ""
smtp_host: Ordi500500
smtp_port: 25
from_addr: example@gmail.com
Thanks for your time,
Have a good day!