elastalert2 - alert text jinja templates - which variables are available?


I'd like to make our monitoring system a bit more "business user friendly". I am using elastalert2 for monitoring. The mails it generates by default are highly cryptic and my colleagues outside of technology do not understand them at all.

I've been trying to play with alert_text to give them a bit of a better description of what happened. Unfortunately, I don't find any documentation of what variables are available for jinja templates. Therefore, the only thing I can print out is the number of hits - not the name of the rule, or for what time period the hits apply.

Is there someone who has some experience with that?


There is 1 answer

Daniel Hutchison (BEST ANSWER)

In your elastalert2 rule definition, you can use the alert_text_args field to define some fields you would like to use in your alert_text.

For example:

elastalert2:
  rules:
    some_test_rule: |-
      <snip>
      include: ["elasticsearch", "hostname", "@timestamp", "message", "username", "connection_id"]
      alert_text: |
        Error_message: {3}
        User: {2}
        instance: {0}
        time: {1}
        session_id: {4}
      alert_text_type: alert_text_only
      alert_text_args: ["hostname", "@timestamp", "username", "message", "connection_id"]

Reference: elastalert2 rule types documentation
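As an added illustration (not elastalert2's own code and not part of the answer above), here is a small Python model of how alert_text_args fills the numbered {0}, {1}, ... placeholders of alert_text from one match document. The dotted-key lookup, the fallback to rule-level keys such as name, and the <MISSING VALUE> placeholder are assumptions about elastalert2's behaviour; check them against your installed version.

```python
"""Added example: a model of elastalert2's alert_text_args substitution."""

MISSING = "<MISSING VALUE>"  # placeholder for absent fields (assumed elastalert2 default)


def lookup_es_key(match, key):
    """Resolve a field name in a match; dotted names walk nested dicts,
    so "user.name" finds {"user": {"name": ...}} (assumed behaviour)."""
    if key in match:
        return match[key]
    value = match
    for part in key.split("."):
        if not isinstance(value, dict) or part not in value:
            return None
        value = value[part]
    return value


def render_alert_text(rule, match):
    """Fill rule['alert_text'] with str.format positional args taken from
    rule['alert_text_args']: each arg is looked up in the match first and
    then (assumed fallback) among the rule's own keys, e.g. 'name'.
    Field values are passed as format *arguments*, never as the template,
    so a log field containing '{' or '}' cannot alter the layout."""
    values = []
    for arg in rule.get("alert_text_args", []):
        value = lookup_es_key(match, arg)
        if value is None:
            value = rule.get(arg)
        values.append(MISSING if value is None else value)
    return rule["alert_text"].format(*values)


# Constructed rule fragment mirroring the answer's layout, plus the rule name.
RULE = {
    "name": "failed-login-burst",
    "alert_text": ("Rule: {5}\nError_message: {3}\nUser: {2}\n"
                   "instance: {0}\ntime: {1}\nsession_id: {4}"),
    "alert_text_type": "alert_text_only",
    "alert_text_args": ["hostname", "@timestamp", "username",
                        "message", "connection_id", "name"],
}
# Constructed match document; connection_id is deliberately absent.
MATCH = {"hostname": "web-01", "@timestamp": "2024-01-01T10:00:00Z",
         "username": "alice", "message": "auth failed {3 times}"}

if __name__ == "__main__":
    print(render_alert_text(RULE, MATCH))
```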