Watcher email action: How to include search query in email body or attachment

eeivin · April 28, 2016, 6:32pm

I have the following email action

"actions" : {
"watcher_email" : {
"email": {
"account": "outlook_account",
"to": "'testUser@testDomain.com'",
"subject" : "Watcher Alert: {{ctx.payload.hits.total}} log entries --- severity: Fatal",
"body" : "Watcher "{{ctx.watch_id}}" Encountered {{ctx.payload.hits.total}} log entries, see attached data",
"attachments" : {
"incidentData.json" : {
"data" : {
"format" : "json"
}
}
},
"priority" : "high"
}
}
}

Is there a way to also include search query in email body or attachment?

Thank you for your help,
Eric

spinscale · April 29, 2016, 11:26am

Hey,

you cannot include the search query. however when you only want to include the term that searched for, you could put additional info in the metadata, which is part of the attachment data. You could even reuse that info in your query, by using a search template and referring to the metadata in the params.

--Alex

eeivin · April 29, 2016, 4:13pm

That's great. Thank you for your help.

Is there a way to insert a new line "\n" in the email "body" element?