Possible Feature request: Accessing Custom Event Data fields in the plugin.

[ghost]

Hi,

Firstly fantastic plugin and formatting into Slack, thank you.

I am trying to access Custom Fields I have set in the Alert Event Definition, which are being correctly set, and assigned a key, in the Alerts and Event Stream.

However, according to the Graylog Documentation:

https://docs.graylog.org/en/3.3/pages/alerts.html#notifications

We should be able to relay these into the notifications, in the example:

${foreach event.fields field} ${field.key}: ${field.value} ${end}

However, it appears we don't have the Event Data passed into the plugin. As I don't appear to be able to access any of these:

Timestamp:            ${event.timestamp}
Message:              ${event.message}
Source:               ${event.source}
Key:                  ${event.key}
Priority:             ${event.priority}
Alert:                ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start:      ${event.timerange_start}
Timerange End:        ${event.timerange_end}

Using the plugin Footer Text field for debug I can loop through the Backlog Messages thus:

Footer Text: ${source} ${foreach backlog message} ${message} ${end}

Which works perfectly.

And the ${source} above is taken from the Backlog Messages not the source field of the event. So we can obviously access the Backlog fields.

Is there a means currently to access the Event Data structure in the plugin... Is the Event Data currently passed into the plugin? If not, perhaps this could become a feature request?

[KongZ]

Thanks for suggestion, I didn't see the events in 3.x but it might be available on 4.0. I will take look