Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Message Permlinks within Alert Notifications #5481

Open ghost opened 5 years ago

ghost commented 5 years ago

Proposed Functionality

It would be great to be able to include the Permlink to messages within the Alert Notifications. If the Permlink was made available in the same way as message.source and the other values, that would work well with the current implementation of iterating over messages in the backlog in order to include that data within the alert message.

Current Behavior

Currently unable to link to messages which have triggered alerts. As far as I am aware, we are currently only able to include a link to the stream which the triggering message is in.

Possible Solution

Make the Permlink value of a message available through a similar method as other message content.

Work Around

This workaround has been tested on:

Including the below inside the backlog iteration of your notification email should provide a functioning link to the message(s) which triggered the alert.

http://<GRAYLOG_HOST>/messages/${message.index}/${message.id}

Warning: This has only been tested on messages stored in a single index.

Context

Being able to receive an alert, view the details in the email and provide a link to the exact message that has caused the alert can increase response and resolution time to alerts.

Your Environment

ghost commented 5 years ago

Plus 1, just configured alerts for a bunch of developers and they can't find the related message, therefore rendering alerts useless.

ghost commented 5 years ago

Any ETA on when this could be fixed? Or a temporary workaround without developers needing to know which index Graylog is at?

ghost commented 4 years ago

Any news on this?

Just been making improvements to my alert notifications and this is definitely a feature that would make a big improvement.

ghost commented 4 years ago

I have found a way to include links within notification emails. I have only tested this on messages that are in a single index; however, I don't think it will work if a message is in multiple indices.

Work Around

Including the below inside the backlog iteration of your notification email should provide a functioning link to the message(s) which triggered the alert.

http://<GRAYLOG_HOST>/messages/${message.index}/${message.id}

I have also added this workaround to the initial comment on this issue.

gimmic commented 4 years ago

It is likely this PR could help with this problem as they normalize parameters across plugins/pages. https://github.com/Graylog2/graylog2-server/pull/7177

kkonstantin42 commented 3 years ago

We have tried using the suggested workaround for Slack notifications but are always getting an exception:

com.floreysoft.jmte.message.ParseException: Error while parsing 'msg.index' at location (5:49): Property 'index' on object ... [message truncated]

Here is our notification template:

${if backlog}Last messages accounting for this alert: ${foreach backlog msg}${graylog_url}/messages/${msg.index}/${msg.id} ${if msg.fields.app}app: ${msg.fields.app}${end} ${msg.message} ${end}${else}<No backlog> ${end}

The issue is only with msg.index. Everything works fine if index is hardcoded. Any ideas why the index property is not accessible? Thanks, any help is appreciated.

ghost commented 3 years ago

@kkonstantin42 What version of Graylog are you running? As mentioned in the original post, I only tested this solution on:

kkonstantin42 commented 3 years ago

@Nihlander we are using Graylog 4.0.1

clack1987 commented 3 years ago

Tested, it works. Change to your server IP.

############################ [Message]##############################################
${if backlog}Detail message hyperlink: ${foreach backlog msg}http://10.145.204.85:9000/messages/${msg.index}/${msg.id} ${end}${else} ${end}

#############################[Message]######################################################