support event fields in custom message

[jozefbarcin]

Does this plugin support event fields in custom message e.g:

${event_definition_title}
${event_definition_description}
${event_definition_type}
${event.timestamp}
${event.message}
${event.source}
${event.key}
${event.priority}
${event.alert}
${event.timestamp}
${event.timerange_start}
${event.timerange_end}

For me it doesn't

Tested environment: graylog version 3.1.2 plugin version 1.0.3

[sboeingSPA]

Hej @jozefbarcin Under the customMessage field is a small description with properties that are supported.

Are the fields you expecting to exist coming from the old slack notification plugin? or where are they from? Maybe i can help you then were this informations are now

[jozefbarcin]

Hi @sboeingSPA thx, for quick response. I saw the small description

Fields above are coming from the new email notification. (not legacy)

The old Alerts system has been replaced by an Alerts & Events system in Graylog 3.1. So the new fields should be supported.

[sboeingSPA]

I checked the email notification code and noticed that they have a much better way of defining possible fields for the custom message ;) So i will rework the current implementation which is based on the old slack plugin and will be improved to better support the new notification system.

currently it only supports following fields from your list: ${event.timerange_start} --> ${event_timerange_start} ${event.timerange_end} --> ${event_timerange_end} ${event.message} --> ${message} ${event.priority} --> ${priority} ${event.alert} --> ${alert}

Maybe i can rework the fields at the weekend, but no later than in two weeks you will get all your fields like they are currently available in the email notification.

[sboeingSPA]

Hej @jozefbarcin please have a look on the new release 1.0.4. The required Graylog version has been changed to 3.1.3. I hope that is ok for you.

[jozefbarcin]

@sboeingSPA looks good. All fields described above are working. thank you

I was checking what we used before and I'm missing field check_result.triggeredCondition.parameters.query. In graylog 3.1 and above should something like event definition query

[sboeingSPA]

Hej @jozefbarcin sorry for the long delay. I planed to fix both currently open issues in one release...

But now you have a version with the full event_definition available in the messages. Please noticed that it is an optional property that may not exist for some reason (i currently don't know in which situations graylog may not provide it...) and that parts of it depend on your configuration. for the query i expect that you will need ${event_definition.config.query}

[jozefbarcin]

Any update?