Notifications parameters are not exported/imported anymore

[frantz45]

Since version v4.3.0, notifications parameters are not exported anymore. Before there was a specific JSON section named notification_parameters:

"notification_parameters": {
      "severity": "HIGH",
      "log_body": "type: alert\nid: ${logging_alert.id}\nseverity: ${logging_alert.severity}\napp: graylog\nsubject: ${event_definition_title}\nbody: ${event_definition_description}\n${if backlog && backlog[0]} src: ${backlog[0].fields.src_ip}\nsrc_category: ${backlog[0].fields.src_category}\ndest: ${backlog[0].fields.dest_ip}\ndest_category: ${backlog[0].fields.dest_category}\n${end}",
      "split_fields": [],
      "single_notification": false,
      "aggregation_time": 0,
      "alert_tag": "LoggingAlert"
}

Now there is only the id of the notification:

"notification":"6346d6872d12f92f4cd3854a"

Regarding the Import functionnality, if you import a JSON in the old format (with notification_parameters), all notification parameters are imported except the split fields.

[frantz45]

Is it possible to fix it in a v4.3.1 for people using Graylog v4.2 in addition to the current release ?

[frantz45]

I've attached an example of the old JSON format with notification_parameters rule.txt

[c8y3]

Releases 4.3.1 and 4.4.1 should hopefully fix the issue.

[frantz45]

I confirm it works in v4.4.1