dlancelin
commented
5 years ago The value of fields does not appear in the reason the alert was triggered because multiple values may match. However, you can access the value of the fields, in your case 'peerip', with a notification (email or log) by specifying ${message.fields.peerip}.
I recently started to use this plugin and see messages such this " The additional stream had 2 messages with trigger condition more than 0 messages additional messages before main messages the main stream had 2 messages with trigger condition more than 0 messages in the last 5 minutes with the same value of the fields peer_ip". How could I know the value of fields which have been specified? In my case this is 'peer_ip' field.