ok, I am to stupid for this..
the body looks like:
##########
Alert Description: ${check_result.resultDescription}
Date: ${check_result.triggeredAt}
Stream ID: ${stream.id}
Stream title: ${stream.title}
Stream description: ${stream.description}
${if stream_url}Stream URL: ${stream_url}${end}
source= ${message.source}
messagefield= ${message.fields.ssh_login_username}
Triggered condition: ${check_result.triggeredCondition}
##########
${if backlog}Last messages accounting for this alert:
${foreach backlog message}${message}
${end}${else}<No backlog>
${end}
but i get:
##########
Alert Description: Stream received messages matching <ssh_login_username:
"root"> (Current grace time: 0 minutes)
Date: 2016-06-30T10:11:27.213Z
Stream ID: 57692df6e4b02d1805abd229
Stream title: ssh success logins
Stream description: successfull ssh logins
Stream URL: Please configure 'transport_email_web_interface_url' in your
Graylog configuration file.
source=
messagefield=
Triggered condition: 28483061-1db9-4676-9b81-6aacc653b1f9:
FIELD_CONTENT_VALUE={field: ssh_login_username, value: root}, stream:={
57692df6e4b02d1805abd229: "ssh success logins"}
##########
<No backlog>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/a387a959-e206-4912-856c-902dd07406a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
