Hello there!
I have the use case that we store k8s logs in Elasticsearch, and now want to send alerts containing the logmessage from said logs with Kibana alerts.
I have now created an alert firing once a loglevel equaling ERROR is detected:
{
  "_source": [ "loglevel", "logmessage", "servicename", "kubernetes.namespace" ],
  "query": {
    "match": {
      "loglevel": "ERROR"
    }
  }
}
I managed to send emails containing each logmessage for all found documents in the current run/action of the alert.
However, we would rather have one email per document where the loglevel equals "ERROR" per alert fire.
Is this possible to achieve while retaining the ability to send the logmessage along with the email?
Best regards,
Maxim H