Email alerting in Kibana not getting more data

Hi Team,

I have configured the alerting section to send to a Gmail address in OpenDistro Kibana 7.10.2.

Here I was getting only limited information in the mail:

Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.

  • Trigger: {{ctx.trigger.name}}
  • Severity: {{ctx.trigger.severity}}
  • Period start: {{ctx.periodStart}}
  • Period end: {{ctx.periodEnd}}
  • Username: {{ctx.results.0.hits.hits.0._source.user}}

So here my requirement is that I need to get the real-time live data from the index pattern values, such as the index pattern name, the document ID of the event in the index, source IP, dest IP, etc.

I was using OpenDistro Elasticsearch 7.10.2 with Wazuh 4.1.5.

Please provide some relevant information about this.

Thanks & Regards,

wazuhsai

Hi @wazuhsai ,
Here are the available variables you can use with ctx.
I assume source IP and dest IP are in your own data.
You might need to use an aggregation in the query of the monitor.
Use a terms aggregation to group by source IP or dest IP.
bucket_selector can help you filter some buckets in your aggregation.
Use something like ctx.results[0].aggregations. with Mustache to build the message.
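An added example (not from either poster) of a monitor definition that follows the advice above: a terms aggregation groups events by source IP, a bucket_selector keeps only IPs with more than 100 events in the period, and the Mustache message iterates over the surviving buckets with ctx.results.0.aggregations. The index pattern wazuh-alerts-*, the field names timestamp and data.srcip, the threshold, and the destination_id placeholder are assumptions to adapt to your own data.

```json
{
  "type": "monitor",
  "name": "noisy-source-ip-monitor",
  "enabled": true,
  "schedule": { "period": { "interval": 5, "unit": "MINUTES" } },
  "inputs": [{
    "search": {
      "indices": ["wazuh-alerts-*"],
      "query": {
        "size": 0,
        "query": {
          "range": {
            "timestamp": { "gte": "{{period_end}}||-5m", "lte": "{{period_end}}", "format": "epoch_millis" }
          }
        },
        "aggs": {
          "by_src_ip": {
            "terms": { "field": "data.srcip", "size": 10 },
            "aggs": {
              "only_noisy": {
                "bucket_selector": {
                  "buckets_path": { "count": "_count" },
                  "script": { "source": "params.count > 100", "lang": "painless" }
                }
              }
            }
          }
        }
      }
    }
  }],
  "triggers": [{
    "name": "noisy-source-ip",
    "severity": "2",
    "condition": {
      "script": { "source": "ctx.results[0].aggregations.by_src_ip.buckets.size() > 0", "lang": "painless" }
    },
    "actions": [{
      "name": "email-soc",
      "destination_id": "REPLACE_WITH_YOUR_DESTINATION_ID",
      "subject_template": { "source": "Monitor {{ctx.monitor.name}}: {{ctx.trigger.name}}", "lang": "mustache" },
      "message_template": {
        "source": "Period {{ctx.periodStart}} to {{ctx.periodEnd}}\n{{#ctx.results.0.aggregations.by_src_ip.buckets}}- Source IP {{key}}: {{doc_count}} events\n{{/ctx.results.0.aggregations.by_src_ip.buckets}}",
        "lang": "mustache"
      }
    }]
  }]
}
```

Post this body to the Alerting API (`POST _opendistro/_alerting/monitors`) or paste the query and templates into the Kibana monitor editor; the trigger fires only when at least one bucket passes the bucket_selector.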