I have set up a custom signal that is triggering within ELK as I want.
I would like to use the Webhook function to trigger some external actions.
In order to do this though, I need to send some of the document fields in the body of the webhook.
I have tried to search on how to do this but cannot find any documents/guidance.
Is this even possible?
If it is, can someone provide me with what should go in the Mustache parameter to send @timestamp, for example?
Hey there @The1WhoPrtNocks, welcome to the community and thanks for posting! Looks like this one slipped through the cracks, but let's see what we can do to answer your questions.
So for referencing field/values in your Webhook Action, there is currently access to the following notification placeholder fields. So you don't have to reference the docs each time, there is a shortcut within the UI to view the available fields and for inserting them into your action message. As seen below, if you click the icon to the top right of the action text area, you'll see a list of all available fields:
Currently only the rule fields, signals_count and results_link are exposed, so you won't have access to @timestamp, but we're looking to include access to the underlying signal fields in a future release. You can follow the below two issues for tracking this functionality.
Thank you for the detailed response and for posting to the issues.
I have a workaround functioning at the moment where I post to an API with a certain body, and based off the body it triggers an Elasticsearch API call to get me the details I need.
So not a major issue, but it would be "cleaner" once the above is implemented.
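The workaround described in the reply above (receive the Webhook action's rendered body, then look the signal documents up yourself) as an added example. This is illustration code, not anything from the thread or from Kibana/Elastic. It assumes the action's Mustache template renders a JSON body carrying the rule id and name, `signals_count` and `results_link` placeholders that the answer says are exposed; the exact placeholder names (`context.rule.id`, `state.signals_count` and so on), the signals index pattern `.siem-signals-*`, the field `signal.rule.id` and the `search` callable are assumptions and can be swapped for whatever your deployment actually uses.

```python
import json
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

# Constructed sample: what the Webhook action body might look like once Kibana
# has rendered a Mustache template such as
#   {"rule_id": "{{context.rule.id}}", "rule_name": "{{context.rule.name}}",
#    "signals_count": "{{state.signals_count}}", "results_link": "{{{context.results_link}}}"}
# (placeholder names are an assumption, not confirmed by the thread).
SAMPLE_WEBHOOK_BODY = json.dumps({
    "rule_id": "11111111-2222-3333-4444-555555555555",  # constructed rule id
    "rule_name": "Suspicious outbound connection",
    "signals_count": "3",
    "results_link": "https://kibana.example.invalid/app/security/detections/rules/id/1111",
})

SIGNALS_INDEX = ".siem-signals-*"   # assumed index pattern for signal documents
RULE_ID_FIELD = "signal.rule.id"    # assumed field holding the originating rule id


def parse_notification(body: str) -> Dict[str, str]:
    """Parse the rendered webhook body and validate the fields we rely on.

    Mustache renders everything as text, so signals_count arrives as a string;
    a non-numeric value means the template or placeholder is wrong, which is
    worth failing on loudly rather than silently querying for nothing.
    """
    data = json.loads(body)
    for key in ("rule_id", "rule_name", "signals_count", "results_link"):
        if key not in data:
            raise ValueError(f"webhook body missing field {key!r}")
    data["signals_count"] = int(data["signals_count"])
    return data


def build_signal_query(rule_id: str, size: int, lookback_minutes: int = 5,
                       now: Optional[datetime] = None) -> dict:
    """Build the Elasticsearch search body that fetches the signal documents
    behind the notification: same rule id, created within the lookback window.

    Only the fields the webhook could not carry are requested, so the
    receiver pulls @timestamp and the host name rather than whole documents.
    """
    now = now or datetime.now(timezone.utc)
    since = (now - timedelta(minutes=lookback_minutes)).isoformat()
    return {
        "size": size,
        "_source": ["@timestamp", "host.name", "signal.rule.name"],
        "sort": [{"@timestamp": {"order": "desc"}}],
        "query": {
            "bool": {
                "filter": [
                    {"term": {RULE_ID_FIELD: rule_id}},
                    {"range": {"@timestamp": {"gte": since}}},
                ]
            }
        },
    }


def handle_webhook(body: str,
                   search: Callable[[str, dict], dict]) -> List[dict]:
    """Receiver-side logic: parse the notification, query for the underlying
    signals, and return the @timestamp values the webhook could not send.

    `search(index, query)` is an injected callable (assumption): in production it
    would wrap an Elasticsearch client's search call; in tests it is a stub.
    """
    note = parse_notification(body)
    query = build_signal_query(note["rule_id"], size=note["signals_count"])
    response = search(SIGNALS_INDEX, query)
    hits = response.get("hits", {}).get("hits", [])
    return [
        {"timestamp": h["_source"].get("@timestamp"),
         "host": h["_source"].get("host.name"),
         "rule": note["rule_name"],
         "link": note["results_link"]}
        for h in hits
    ]


def fake_search(index: str, query: dict) -> dict:
    """Constructed stand-in for Elasticsearch, returning two signal hits."""
    assert index == SIGNALS_INDEX
    return {"hits": {"hits": [
        {"_source": {"@timestamp": "2021-03-01T10:00:00.000Z", "host.name": "web-01"}},
        {"_source": {"@timestamp": "2021-03-01T09:59:30.000Z", "host.name": "web-02"}},
    ]}}


if __name__ == "__main__":
    for row in handle_webhook(SAMPLE_WEBHOOK_BODY, fake_search):
        print(row)
```

Pointing the receiver at a real cluster means replacing `fake_search` with a thin wrapper around your Elasticsearch client and giving that client a role restricted to reading the signals index, since the receiver only ever needs to read. The rule id from the webhook goes into a `term` filter rather than being spliced into a query string, so an unexpected value in the notification cannot change the shape of the search.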