Introduction

This article explains how to include detailed information about a scheduled alert, such as the alert name, the configured Elasticsearch index, the Elasticsearch type and other details, in the email notification subject and message.


Pre-requisites


Step-by-Step Instruction


Email Action:

Select the Parameter menu above the subject and message fields and click on merge to bind the parameter into the subject and message.

 

Webhook Action:

Select the Parameter menu above the webhook value field and click on merge to bind the parameter into the webhook value.

To configure Slack notifications through a webhook, refer to the following article: How to send slack notification in Skedler-Alerts


List of merge parameters and their definitions

Parameter Name                                       Definition
${AlertName}                                         Configured alert name
${Index}                                             Elasticsearch index pattern (or) name
${IndexType}                                         Elasticsearch index type
${TimeField}                                         Time field name
${TimeStamp}                                         Alert triggered time
${CurrentTimeWindow}                                 Current "from" and "to" time window date range
${CompareTimeWindow}                                 Compare "from" and "to" time window date range
${CurrentAlertCondition}                             Current alert condition details like keyword filter, aggregation filter, compare filter
${CompareAlertCondition}                             Compare alert condition details like keyword filter, aggregation filter, compare filter
${Result}                                            Resulting event count (or) grouping count
${AlertDetailsURL}                                   Drill down URL which provides the root cause data from an alert notification
${drilldownESQuery1} or ${drilldownESQuery}          Drill down Elasticsearch query for the alert rule of the time window
${drilldownESQuery2}                                 Drill down Elasticsearch query for the alert rule of the compare time window
${drilldownKibanaQuery1} or ${drilldownKibanaQuery}  Drill down Kibana query for the alert rule of the time window
${drilldownKibanaQuery2}                             Drill down Kibana query for the alert rule of the compare time window


Note - For detailed configuration of the drill down Elasticsearch query and the drill down Kibana query, refer to the article below:

How to drilldown to the root cause data from Alert notification?
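
A mistyped placeholder in a subject or webhook value can leave an alert notification without the field a responder needs. The script below is an added example, not part of Skedler: it checks a draft template against the parameter names in the table above and previews the expansion. The function names, the sample draft and the sample values are constructed, and matching names exactly as spelled (case-sensitive) is an assumption the page does not state.

```python
import re

# Parameter names copied from the table on this page.
KNOWN = {
    "AlertName", "Index", "IndexType", "TimeField", "TimeStamp",
    "CurrentTimeWindow", "CompareTimeWindow", "CurrentAlertCondition",
    "CompareAlertCondition", "Result", "AlertDetailsURL",
    "drilldownESQuery", "drilldownESQuery1", "drilldownESQuery2",
    "drilldownKibanaQuery", "drilldownKibanaQuery1", "drilldownKibanaQuery2",
}
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def lint(template):
    """Return (unknown_names, suggestions) for a draft subject/message."""
    by_lower = {name.lower(): name for name in KNOWN}
    unknown, hints = [], {}
    for raw in PLACEHOLDER.findall(template):
        if raw in KNOWN:  # assumption: names are case-sensitive
            continue
        unknown.append(raw)
        guess = by_lower.get(raw.strip().lower())
        if guess:  # same name with different case or stray spaces
            hints[raw] = guess
    return unknown, hints


def preview(template, values):
    """Expand documented placeholders from `values`; leave the rest visible."""
    def sub(match):
        name = match.group(1)
        if name in KNOWN and name in values:
            return str(values[name])
        return match.group(0)
    return PLACEHOLDER.sub(sub, template)


# Constructed draft (note the misspelled ${Timestamp}) and sample values.
DRAFT_SUBJECT = "[${AlertName}] ${Result} events in ${Index} (${Timestamp})"
SAMPLE = {"AlertName": "Failed logins", "Result": 42,
          "Index": "auth-*", "TimeStamp": "2024-01-01 00:00"}

if __name__ == "__main__":
    unknown, hints = lint(DRAFT_SUBJECT)
    for name in unknown:
        hint = hints.get(name)
        print(f"unknown parameter ${{{name}}}"
              + (f", did you mean ${{{hint}}}?" if hint else ""))
    print(preview(DRAFT_SUBJECT, SAMPLE))
```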