How to add message field from elasticsearch logs into grafana email alerts

Grafana version: 10.3.3

I want to get fields from Elasticsearch logs into the body of Grafana email alerts. Specifically, a “Message” field in logs generated by Elasticsearch. I am trying to get this in alert emails, similar to other fields such as hostname, hostip, etc.

The logs have details like this: Message: “error in system”

I have an Elasticsearch data source configured.
While creating an email alert, I’m using a Lucene query to capture the logs. When I add “message” as one of the terms, the query returns no data.

I understand that group by won’t work with message field. Is there any way we can achieve this?

My email alert should contain something like this:

message: “error in the system”

Sorry, I can’t copy the configurations. But let me know what’s needed, I will try to arrange or find the alternatives for it.

Hello.
Any luck with this? I also have the same task to solve.

Thank you for your reply. Can you share some screenshots with me please?

Unfortunately, no. I don’t have ES, OP has ES. Why don’t you post it?


Here is my screenshot. I tried to group by message, but when I do that, the metrics disappear.

Be familiar with the mapping at the ES level. You can group on a keyword type field.

Oh, now I got it, thank you very much for your help, it works. Have a great day. :armenia: :ukraine:
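
An added example, not posted by anyone in this thread: a small Python check that walks an index mapping and lists the keyword-typed fields (including multi-fields) that can replace a field in a Terms group by. The index name `app-logs` and the sample mapping are constructed, and they assume `message` was mapped by Elasticsearch's default dynamic string mapping (`text` with a `keyword` sub-field); the thread does not show the actual mapping.

```python
# Constructed sample: the shape of a `GET <index>/_mapping` response for a
# hypothetical index "app-logs" (assumption: default dynamic string mapping).
SAMPLE_MAPPING = {
    "app-logs": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "hostname": {"type": "keyword"},
        "hostip": {"type": "ip"},
        "message": {
            "type": "text",
            "fields": {"keyword": {"type": "keyword", "ignore_above": 256}},
        },
        "error": {"properties": {"stack": {"type": "text"}}},
    }}}
}


def keyword_paths(properties, prefix=""):
    """Yield (field_path, ignore_above) for every keyword field or sub-field."""
    for name, spec in properties.items():
        path = prefix + name
        if spec.get("type") == "keyword":
            yield path, spec.get("ignore_above")
        # Multi-fields, e.g. message.keyword under a text field.
        yield from keyword_paths(spec.get("fields", {}), path + ".")
        # Nested object fields, e.g. error.stack.
        yield from keyword_paths(spec.get("properties", {}), path + ".")


def group_by_candidates(mapping, wanted):
    """Per index, list keyword paths usable in place of `wanted` for a Terms group by."""
    result = {}
    for index, body in mapping.items():
        props = body["mappings"].get("properties", {})
        result[index] = [
            (path, limit) for path, limit in keyword_paths(props)
            if path == wanted or path.startswith(wanted + ".")
        ]
    return result


if __name__ == "__main__":
    for field in ("message", "hostname", "error"):
        print(field, "->", group_by_candidates(SAMPLE_MAPPING, field))
```

With a mapping like this one, the group by would use `message.keyword` rather than `message`. The `ignore_above` value matters for alerts: strings longer than that limit are not indexed in the keyword sub-field, so long messages will not appear as a group.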