Watcher email action: How to include search query in email body or attachment

eeivin · April 28, 2016, 6:32pm

I have the following email action

"actions" : {
"watcher_email" : {
"email": {
"account": "outlook_account",
"to": "'testUser@testDomain.com'",
"subject" : "Watcher Alert: {{ctx.payload.hits.total}} log entries --- severity: Fatal",
"body" : "Watcher "{{ctx.watch_id}}" Encountered {{ctx.payload.hits.total}} log entries, see attached data",
"attachments" : {
"incidentData.json" : {
"data" : {
"format" : "json"
}
}
},
"priority" : "high"
}
}
}

Is there a way to also include search query in email body or attachment?

Thank you for your help,
Eric

spinscale · April 29, 2016, 11:26am

Hey,

you cannot include the search query. however when you only want to include the term that searched for, you could put additional info in the metadata, which is part of the attachment data. You could even reuse that info in your query, by using a search template and referring to the metadata in the params.

--Alex

eeivin · April 29, 2016, 4:13pm

That's great. Thank you for your help.

Is there a way to insert a new line "\n" in the email "body" element?

Topic		Replies	Views
Include entire query result in Watcher email Elasticsearch elastic-stack-alerting	2	1010	April 15, 2020
Include Fields in Watcher Email Alert Elasticsearch elastic-stack-alerting , painless	4	335	August 17, 2022
Error when creating email action with data attachment Elasticsearch elastic-stack-alerting	3	1769	July 6, 2017
How to create a watch that email specific field from input index? Elasticsearch elastic-stack-alerting	18	6852	July 6, 2017
Add email attachment to message body? Elasticsearch elastic-stack-alerting	1	1052	July 6, 2017

Watcher email action: How to include search query in email body or attachment

Related topics