HTTP POST alerter doesn't send alert data

[SopraSteria199]

Elastalert HTTP POST alerter only send match data.

It doesn't send :

• @timestamp
• alert_info
• alert_sent
• alert_time
• match_time
• rule_name

It would be useful to upgrade this alerter to send all alert data.

[jeff-cook]

Is this a configuration issue or is the alerter not designed to send the information?

[Qmando]

A little bit of both, HTTP alerter definitely has some quirks.

You need to use http_post_payload, http_post_all_values and http_post_static_payload to determine what goes into it.

alert_info doesn't seem very relevant, you could add that into the static payload if you want, along with the rule name. alert_sent doesn't make sense because it's always true if the alert is sent. match_time IS the @timestamp. alert_time is effectively the same as when the server receives the POST, plus latency, but I guess it could be useful to include.

[jeff-cook]

rule_name would be very useful to have. The receiving system would use this to know how to process the alert.

[jeff-cook]

Not sure why alert_info would not be relevant. Wouldn't provide details about the alert and what type of alert/rule it is?

[Qmando]

rule_name and alert_info are all static information. Just add it to the static payload.

[jeff-cook]

My concern is that means manually and reliably re-entering test in the same file for every rule file.