search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.33k stars 1.06k forks source link

Messages count in alert notification template #4732

Open beriba opened 6 years ago

beriba commented 6 years ago

Add a possibility to access more variables in alert notification template (both for title and body). In particular I want to access the number of messages in Message Count Alert Condition or aggregation value in Field Aggregation Alert Condition. Of course I'm talking about Email Alert Callback but if it's easy to implement I would appreciate this functionality in other callbacks (including plugins but I get that it might be a matter of doing it separately in those plugins). There also might be a need to update a documentation regarding this topic because there are variables used in default template which are not included in doc. There are also some variables that are available but also not described in doc. As a reference please look at this: https://www.reddit.com/r/graylog/comments/31cxal/anybody_have_a_list_of_variables_that_can_be_used/crn0rfy and the doc: http://docs.graylog.org/en/2.4/pages/streams/alerts.html?highlight=check_result.resultDescription

Expected Behavior

I want to be able to use a variable, eg. ${check_result.resultValue} which will indicate messages number or aggregation value based on condition type.

Current Behavior

Currently this value is only accessible in ${check_result.resultDescription} variable. JMTE doesn't have any functionality to parse strings (and it won't have it, which is obvious) so messages count is not accessible by itself.

Context

I have a business requirement to send meaningful alerts to non-technical people, preferably translated to polish. One of the requirements is to mark how critical the alert is and second is to show how much the threshold was exceeded. Doing the whole translation functionality on graylog side would be a total overkill. But if there is a possibility to access the message number that would be easy for me to do it by myself in my graylog instance. I already figured out how to access threshold, grace and threshold_type but as far as I see I can't access the number of messages which is the last part of the puzzle. Then I'll create a translation using "brutal" force of ifs in the JMTE.

gn-ley commented 5 years ago

The message count number is so crucial, but I can't access the value without taking the complete resultDescription.

Is there any workaround to get the value?

LeDOC666 commented 3 years ago

Here is an idea to get count value in alert msg:

Nombre d'occurences = ${foreach backlog message}${if last_message}${index_message}${end}${end} occurences (Max 50)

beriba commented 3 years ago

@LeDOC666 thanks for the idea but it's over 3 years since I posted this issue and I already dropped using alerting in graylog. I needed something way more flexible. But I hope someone will benefit from the snippet you posted :)