Get the log line in alert of alertmanager

julienlrx72 · April 14, 2021, 12:15pm

Hi,
I have a Loki that gets logs from Promtail and send alerts to an Alertmanager. I have a rules that sends an alert to the AlertManager each time there is a new log line :

alert: SysMon_Critical_Error
expr: sum by (job) (rate({job=“sysmon”} |~ “CRITICAL|EXP_C|LINKERR_C|NETERR_C|PROCERR_C”[1h]))>0.00
labels:
severity: critical
category: logs
job: sysmon
annotations:
summary: SysMon Error Critical

What I would like is to display the log line that trigger the alert in a label or in the summary of the alert of AlertManager.
For example, when a log line is : “2021-04-14 13:56:00
2021-04-14 13:55:59 [EXP_C]”, I would like to have it written in a label or in the summary in the alertmanager (right now I didn’t find a solution) :

Is this possible ?
Thanks for your help

julienlrx72 · April 16, 2021, 2:18pm

Just found the solution :
I have added this part in my promtail config :
pipeline_stages:
- match:
selector: ‘{job=“sysmon”}’
stages:
- regex:
expression: ‘^(?P.*)$’
- labels:
logline:

And now I have the label in my alertmanager :

system · April 16, 2022, 2:19pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Loki Ruler Alert — Missing Label Value (log message) in Alertmanager but visible in Grafana Grafana Loki	3	42	December 30, 2025
Using the logQL matched log line within my alert template for Alertmanager Grafana Loki	3	1133	July 2, 2022
Including full log error message in alert notification using Loki Grafana Loki alerting , logs	14	13650	September 22, 2024
Loki send alert when error message comes in log Grafana Loki alerting	9	11605	April 15, 2022
Loki groups rules get content log Grafana Loki alerting , loki , alert-notifications	1	392	November 4, 2023

Get the log line in alert of alertmanager

Related topics