I have set up an alert rule in Elastic Cloud that checks every 1 minute whether the log.level of a document is Error and, if so, sends an email. I wanted it to send me some document values for each document. I set this in the Rule message:
Elasticsearch query alert '{{alertName}}' is active:
- Value: {{context.value}}
- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}
- Timestamp: {{context.date}}
- Link: {{context.link}}
- SomeCustomValue1: {{context.payload.SomeCustomValue1}}
- SomeCustomValue2: {{context.payload.SomeCustomValue2}}
Where SomeCustomValue1 and SomeCustomValue2 are found in each document. The email arrives, but SomeCustomValue1 and SomeCustomValue2 are null.
How can I achieve the above?