Let’s say we have ELK datasource and we want to be alerted when service throw an error in logs.
Basically this would be like:
A. query: kubernetes.labels.app : "servicename" AND level : ("Error", "Fatal"), Metric=Count
B. classic condition, expr: when last of A > 1...
I want to switch Metric from “count” to “Logs” to get the table with all information from log entry. And this perfectly works in Explore, but it does not on alert creation page with the same parameters.
Is there a way to get a text from ELK message field and send it in alert description?