Sending Email for each hit of Alert

MaximH · June 5, 2024, 2:32pm

Hello there!
I have the use case that we store k8s logs in Elasticsearch, and now want to send alerts containing the logmessage from said logs with kibana alerts.
I have now created an alert firing once a loglevel equaling ERROR is detected:

{
  "_source": [ "loglevel", "logmessage","servicename","kubernetes.namespace" ],
  "query": {
    "match": {
      "loglevel": "ERROR"
    }
  }
}

I managed to send emails containing each logmessage for all found documents in the current run/action of the alert.
However we would rather have one email per document where the loglevel equals "ERROR" per Alert fire.
Is this possible to achieve while retaining the ability to send the logmessage along the email?

Best regards,
Maxim H

MaximH · July 2, 2024, 10:40am

I solved the issue: In a script block I create an array with all hits, and in the actions iterate over the array for each hit.

jessgarson · July 2, 2024, 2:40pm

Thanks for sharing your solution, @MaximH.

Topic		Replies	Views
Kibana alerting message with query results Kibana	7	2741	March 18, 2021
Send email alerts if log level == ERROR in more than one index Kibana elastic-stack-alerting	6	2992	November 7, 2021
Kibana watcher : Send message field in if log level is ERROR Kibana elastic-stack-alerting	2	1107	November 22, 2021
【Please share info】Plugins and OSS for implementing alert functions in kibana (elasticsearch) version 7 series Kibana elastic-stack-alerting	1	238	May 1, 2023
Kibana Email Alert Kibana elastic-stack-alerting	8	3473	July 1, 2022

Sending Email for each hit of Alert

Related topics