Is there a way to use query-level metadata fields (starttime and endtime) as variables in alert_text_args? #1744
Unanswered
OshriBaruch asked this question in Q&A
Replies: 1 comment
This discussion seems to have gotten at least starttime to work: #342
Hi,
Is there an existing way to access the query-level metadata fields (starttime and endtime) that appear in the default text message generated by ElastAlert?
I tried to use:
```yaml
include_rule_params_in_first_match_only: false
include_rule_params_in_matches:
  - starttime
  - endtime
  - timeframe
```
But they do not appear as existing fields when I try to reference them in alert_text_args.
They appear as missing or cause a backend issue, perhaps because they are internal state variables of the rule execution rather than fields in the Elasticsearch document itself.
For endtime, I received - Null
For starttime, I received: TypeError - Unable to serialize datetime.timedelta