How to use custom trigger variables in the raised alert messages to know triggered condition details

I am raising an alert for my API having more than 2ms responseTime. This is my trigger condition:

    // Fire when any returned hit has responseTime above 2 ms
    boolean score = false;
    for (int i = 0; i < ctx.results[0].hits.hits.length; i++) {
        if (2 < ctx.results[0].hits.hits[i]._source.responseTime) {
            score = true;
            break;
        }
    }
    return score;

I am trying to send the message with the specific details of my source with the API url and response time, something like below just for all raised alerts (how do we ensure that):

Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.

  • API Url : {{ctx.results.0.hits.hits.0._source.msg}} and response time {{ctx.results.0.hits.hits.0._source.responseTime}} (but I need details only for raised alerts, as this will work on the whole extraction query response)
  • Trigger: {{ctx.trigger.name}}
  • Severity: {{ctx.trigger.severity}}

Someone please help.

Hi @kunalsingh,

Can you move this logic outside of the trigger and into the monitor itself?
i.e. the monitor query is the one that finds all hits with responseTime > 2, and then your trigger and action can just be “dumb” and rely on hits > 0 and show all.

> Can you move this logic outside of the trigger and into the monitor itself?

What if the answer to this is no? I have a similar problem but I don’t think the condition can be moved into the monitor itself. I would still like to be able to set some custom text in the alert message. (Sidenote: I have inquired elsewhere if writing an ES query to do what I want is possible, but as far as I know it is not.)

> rely on hits > 0 and show all

In that case, what does “show all” look like? I wouldn’t want to just pack the entire ctx.results[0].hits.hits list into the message. Is it possible to map the list of hits into a list of strings (from one field) and print that?

I have a similar requirement. Let me know if you got any solution.

Hi @gpaciga,

> Is it possible to map the list of hits into a list of strings (from one field) and print that?

Assuming that the resulting hits are the ones that are filtered and match your expected condition, then you can iterate over them in the alert message and print the fields you want. For example:

{{#ctx.results.0.hits.hits}}
  {{_source.fieldToPrint}}
{{/ctx.results.0.hits.hits}}

As for getting multiple alerts on conditions defined within the Trigger itself, this isn’t currently possible in the Alerting plugin. However, a feature enhancement is currently in progress that will allow for bucket-level alerting where fields can be grouped on and an alert can be created for each bucket/event.

The feature enhancement is captured in this issue.
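
Added example (not part of any post in this thread, and not the plugin's own code): a monitor body that combines the two suggestions above, filtering `responseTime > 2` in the monitor query so the trigger only checks for hits and the message loops over them. The index pattern, the `@timestamp` field, the monitor, trigger and action names, the interval and the destination ID are placeholders; `hits.total.value` assumes a search response in which `hits.total` is an object rather than a number.

```json
{
  "type": "monitor",
  "name": "api-slow-responses",
  "enabled": true,
  "schedule": { "period": { "interval": 1, "unit": "MINUTES" } },
  "inputs": [{
    "search": {
      "indices": ["api-logs-*"],
      "query": {
        "size": 20,
        "_source": ["msg", "responseTime"],
        "query": {
          "bool": {
            "filter": [
              { "range": { "responseTime": { "gt": 2 } } },
              { "range": { "@timestamp": { "gte": "now-1m" } } }
            ]
          }
        }
      }
    }
  }],
  "triggers": [{
    "name": "slow-api-hits",
    "severity": "2",
    "condition": {
      "script": { "lang": "painless", "source": "ctx.results[0].hits.total.value > 0" }
    },
    "actions": [{
      "name": "notify",
      "destination_id": "DESTINATION_ID_PLACEHOLDER",
      "subject_template": { "source": "Monitor {{ctx.monitor.name}} entered alert status" },
      "message_template": {
        "source": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n{{#ctx.results.0.hits.hits}}\n  - API Url: {{_source.msg}}, response time: {{_source.responseTime}}\n{{/ctx.results.0.hits.hits}}\n  - Trigger: {{ctx.trigger.name}}\n  - Severity: {{ctx.trigger.severity}}"
      }
    }]
  }]
}
```

Only the hits actually returned by the query are available to the template, so `size` caps how many slow requests the message lists even when more documents match.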