Sending Email for each hit of Alert

MaximH · June 5, 2024, 2:32pm

Hello there!
I have the use case that we store k8s logs in Elasticsearch, and now want to send alerts containing the logmessage from said logs with kibana alerts.
I have now created an alert firing once a loglevel equaling ERROR is detected:

{
  "_source": [ "loglevel", "logmessage","servicename","kubernetes.namespace" ],
  "query": {
    "match": {
      "loglevel": "ERROR"
    }
  }
}

I managed to send emails containing each logmessage for all found documents in the current run/action of the alert.
However we would rather have one email per document where the loglevel equals "ERROR" per Alert fire.
Is this possible to achieve while retaining the ability to send the logmessage along the email?

Best regards,
Maxim H

MaximH · July 2, 2024, 10:40am

I solved the issue: In a script block I create an array with all hits, and in the actions iterate over the array for each hit.

jessgarson · July 2, 2024, 2:40pm

Thanks for sharing your solution, @MaximH.

Topic		Replies	Views
Kibana alerting message with query results Kibana	7	2715	March 18, 2021
【Please share info】Plugins and OSS for implementing alert functions in kibana (elasticsearch) version 7 series Kibana elastic-stack-alerting	1	237	May 1, 2023
Kibana Email Alert Kibana elastic-stack-alerting	8	3416	July 1, 2022
Fire alert for each document with specific value in field Kibana elastic-stack-alerting	6	3009	June 22, 2021
Looping through Aggregations to trigger multiple emails Elasticsearch elastic-stack-alerting	3	594	October 24, 2018

Sending Email for each hit of Alert

Related Topics