
Include filter term value in alert

Open badsector3 opened this issue 5 years ago • 0 comments

Hi.

Is there a way to include the filter term value in the alert? I use a flatline rule.

threshold: 1
timeframe:
  seconds: 60

index: metricbeat-*
filter:
- bool:
    filter:
      - term:
          beat.hostname: "srv01"
      - term:
          beat.hostname: "srv02"

alert_subject: "Metricbeat down: {0}"
alert_subject_args:
- beat.hostname

The idea is to get the value back for the key which is true. I wish to know which server is down if there are multiple terms. I can create multiple alerts, one per server, to accomplish the same, but I just wonder if there is another way of doing it.

Thanks,

badsector3, Sep 04 '19 10:09
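
An added example, not part of the original issue and not the ElastAlert project's own configuration: a single flatline rule that reports which host went silent, using the documented `query_key` option. The rule name, the `debug` alerter and the assumption that `beat.hostname` resolves from the match document are illustrative choices.

```yaml
# Added example (constructed); not from the original issue.
name: metricbeat-down-per-host    # hypothetical rule name
type: flatline
index: metricbeat-*

# Alert when fewer than 1 event arrives within 60 seconds.
threshold: 1
timeframe:
  seconds: 60

# With a flatline rule, query_key keeps a separate event count per value
# of the field, so each hostname is checked against the threshold on its own.
query_key: beat.hostname

# Optional: when true, a hostname that triggered an alert is forgotten
# until it is seen again, which stops repeat alerts for the same outage.
forget_keys: true

# Clauses listed under bool.filter are ANDed, so two term clauses on the
# same single-valued field match no document. A terms query matches
# documents whose hostname is any one of the listed values.
filter:
- terms:
    beat.hostname: ["srv01", "srv02"]

# Assumption: the match carries the fields of the last event seen for the
# key, so beat.hostname resolves to the host that stopped reporting.
alert_subject: "Metricbeat down: {0}"
alert_subject_args:
- beat.hostname

alert:
- debug    # prints matches to the log; replace with the real alerter
```

With `query_key`, a value is only tracked after it has been seen at least once, so a host that was already silent when ElastAlert started does not trigger this rule.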