We have a simple alert with a Webook action assigned to it with an endpoint is OMI.
Search: index=xyz TCP_ERROR appName="jojothedolphin"
Alert: If number of results > 10
After the alert is triggered, field and values I want to send as my payload are stored in tokens:
$trigger_date$
$trigger_time$
$alert.severity$
$job.resultCount$
But I am pulling my hair out trying to figure out how to access them and their value. I cannot get them to display in a table (or any other way which would then become my payload. Help!
Damon
↧