alert_text_args problem

[luatdeptrai]

Hi everyone, I have some problem with my alert config. I want to use alert_text_args to get nested field: log.Obj_ReponseCC.sendMessage.from But the problem is log.Obj_ReponseCC is full name of a field and elastalert think that Obj_ReponseCC is subfield of log field. How to fix this!!

This is full alert config:

es_host: localhost
es_port: 9200
name: BRANDNAME TEMPLATE NOT MATCH ALERT
type: frequency
index: filebeat*
num_events: 51
timeframe:
    minutes: 5
realert:
  minutes: 0
filter:
- query:
     query_string:
       query: "log.Obj_ReponseCC.errorCode : 011*"
query_key: log.Obj_ReponseCC.account
alert_text: "At {0} brand name: {1}\nError name: {2} Code: {3}\nAccount: {4} send to phone number: {5} more than 50 times in 5 minutes\nMessage: {6}\nResolve: Check entered data again!"
alert_text_args: ["sourceInfo.date", "log.Obj_ReponseCC.sendMessage.from", "log.Obj_ReponseCC.errorMessage", "log.Obj_ReponseCC.errorCode", "log.Obj_ReponseCC.account", "log.Obj_ReponseCC.sendMessage.to", "log.Obj_ReponseCC.sendMessage.message"]
alert_text_type: alert_text_only

alert:
- "telegram"

telegram_bot_token: 6490431344:AAFmIjifVVnHfGR6NglDUeDdufRqgYUj3kc
telegram_room_id: "-***********"

This is JSON log:

"log.Obj_ReponseCC": {
      "account": "hatp",
      "msgLength": 96,
      "mtCount": 1,
      "errorCode": "011",
      "sendMessage": {
        "telco": "01",
        "scheduled": "",
        "from": "HATP",
        "type": 1,
        "useUnicode": 0,
        "to": "**********",
        "message": "abc",
        "requestId": "7348288fbe814ccfa774e960a9b91a8c"
      },

[nsano-rururu]

ElastAlert is no longer maintained. Please use ElastAlert2 instead.

[luatdeptrai]

ElastAlert is no longer maintained. Please use ElastAlert2 instead.

So how can I do it with elastalert2 pls help..

[nsano-rururu]

Ask your own questions. https://github.com/jertel/elastalert2/discussions