Hi Stefan,
please read the previous posts I wrote in this thread and the documentation
section I've linked to.
There is no single message object in the email body but always a collection
of messages in the backlog variable which you have to iterate over with
foreach.
Cheers,
Jochen
On Thursday, 30 June 2016 12:16:03 UTC+2, Stefan Krüger wrote:
>
> ok, I am to stupid for this..
>
> the body looks like:
> ##########
> Alert Description: ${check_result.resultDescription}
> Date: ${check_result.triggeredAt}
> Stream ID: ${stream.id}
> Stream title: ${stream.title}
> Stream description: ${stream.description}
> ${if stream_url}Stream URL: ${stream_url}${end}
>
> source= ${message.source}
> messagefield= ${message.fields.ssh_login_username}
> Triggered condition: ${check_result.triggeredCondition}
> ##########
>
> ${if backlog}Last messages accounting for this alert:
> ${foreach backlog message}${message}
>
> ${end}${else}<No backlog>
> ${end}
>
> but i get:
> ##########
> Alert Description: Stream received messages matching <ssh_login_username:
> "root"> (Current grace time: 0 minutes)
> Date: 2016-06-30T10:11:27.213Z
> Stream ID: 57692df6e4b02d1805abd229
> Stream title: ssh success logins
> Stream description: successfull ssh logins
> Stream URL: Please configure 'transport_email_web_interface_url' in your
> Graylog configuration file.
>
> source=
> messagefield=
> Triggered condition: 28483061-1db9-4676-9b81-6aacc653b1f9:
> FIELD_CONTENT_VALUE={field: ssh_login_username, value: root}, stream:={
> 57692df6e4b02d1805abd229: "ssh success logins"}
> ##########
>
> <No backlog>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/952154b5-5932-438d-984e-e81f4b1fc4e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
