Kibana Alerting

Hi,

I want to know how I can add the below extraction mustache query in the action phase:
Severity: {{ctx.trigger.severity}}

  • Source IP:{{ctx.sourceIP}}
  • Login username:{{ctx.username}}
  • Destination IP:{{ctx.DestinationIP}}

I want to get this information in the mail notification, because I can see the "Severity: {{ctx.trigger.severity}}" field, whereas I am not able to see the other fields like source IP, login username and destination IP.

Please help me with how I can configure this correctly.

Thanks

Hi @dilipchiru,

Please see our documentation specifying the fields that are available from the context variable: https://opendistro.github.io/for-elasticsearch-docs/docs/alerting/monitors/#available-variables

Are you referring to ctx.username as in using Alerting + Security, or are these fields something returned by your search query? If they are returned by the search query, you can access them via ctx.results[0] and navigate down to your search results using the . key.

Thanks,
Lucas
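As an added illustration (not part of this thread or of the Alerting plugin), the Python below mimics how a mustache template resolves dotted names against the context the reply describes: ctx.trigger is filled in by the plugin, while fields returned by the monitor's query sit under ctx.results[0] in a search response. The field names sourceIP, username and DestinationIP, and the sample context, are constructed assumptions; the minimal renderer is also an assumption that only covers plain {{name}} interpolation.

```python
import re

# Constructed sample of the context handed to an action's message template.
# ctx.trigger comes from the plugin; query fields live under ctx.results[0].
SAMPLE_CTX = {
    "ctx": {
        "trigger": {"name": "failed-logins", "severity": "1"},
        "results": [{
            "hits": {"total": {"value": 1}, "hits": [{
                "_source": {"sourceIP": "10.0.0.5", "username": "alice",
                            "DestinationIP": "10.0.0.9"},
            }]},
        }],
    }
}

# The question's template with the three fields re-pointed at the first search
# hit (assumption: the monitor's query returns documents with these fields).
TEMPLATE = """Severity: {{ctx.trigger.severity}}
  - Source IP: {{ctx.results.0.hits.hits.0._source.sourceIP}}
  - Login username: {{ctx.results.0.hits.hits.0._source.username}}
  - Destination IP: {{ctx.results.0.hits.hits.0._source.DestinationIP}}"""


def lookup(data, dotted):
    """Resolve a dotted mustache name; list positions are plain integers."""
    cur = data
    for part in dotted.split("."):
        if isinstance(cur, dict):
            cur = cur.get(part)
        elif isinstance(cur, list) and part.isdigit() and int(part) < len(cur):
            cur = cur[int(part)]
        else:
            return ""  # a name that does not resolve renders as empty text
    return "" if cur is None else str(cur)


def render(template, data):
    """Minimal {{name}} interpolation (assumption: mirrors mustache lookups)."""
    return re.sub(r"\{\{\s*([\w.]+)\s*\}\}",
                  lambda m: lookup(data, m.group(1)), template)


if __name__ == "__main__":
    print(render(TEMPLATE, SAMPLE_CTX))
    # {{ctx.sourceIP}} from the question stays blank: ctx has no such key.
    print(repr(render("{{ctx.sourceIP}}", SAMPLE_CTX)))
```

Running it shows the original {{ctx.sourceIP}} rendering as an empty string while the ctx.results path yields the value from the hit, which is the behaviour the question reports.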