Hello everybody
I have an ELK server that gets information from so many beats like Filebeat, Metricbeat, and ... , also I am using Slack webhook to send my alerts by Elastalert, However, I have a problem sending different alerts to various webhooks by Elastalert, We collect logs for several teams and groups and I want to send the alerts to Slack respectively. for example, I need to send financial team IIS alerts to Webhook A and business IIS alerts to Webhook B. besides I want to config all in one rule file. my example rule file is like the following lines:
alert:
- "slack"
slack_webhook_url: "https://hooks.slack.com/services/webhookaddress"