How to add message field from elasticsearch logs into grafana email alerts

Grafana version: 10.3.3

I want to get fields from Elasticsearch logs into the body of Grafana email alerts. Specifically, a “Message” field in logs generated by Elasticsearch. I am trying to get this in alert emails, similar to other fields such as hostname, hostip, etc.

The logs have details like this: Message: “error in system”

I have an Elasticsearch data source configured.
While creating an email alert, I’m using a Lucene query to capture the logs. While adding “message” as one of the terms, the query returns no data.

I understand that group by won’t work with the message field. Is there any way we can achieve this?

My email alert should contain something like this:

message: “error in the system”

Sorry, I can’t copy the configurations. But let me know what’s needed, I will try to arrange or find the alternatives for it.

Hello.
Any luck with this? I also have the same task to solve.

Thank you for your reply. Can you share some screenshots with me please?

Unfortunately, no. I don’t have ES, OP has ES. Why don’t you post it?


Here is my screenshot. I tried to group by message, but when I do that, the metrics disappear.

Be familiar with mapping at the ES level. You can group on a keyword type field.
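
An added example, not part of the thread and not Grafana's or Elasticsearch's own code: a Python check that walks an index mapping and reports, for each field, the name that can go into the query's Group by Terms, which for a `text` field such as `message` is its keyword sub-field. The index name `app-logs`, the sample mapping and the function name `groupable` are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by GET <index>/_mapping.
# "message" mirrors what dynamic mapping creates for strings by default.
SAMPLE_MAPPING = json.loads("""
{"app-logs": {"mappings": {"properties": {
  "@timestamp": {"type": "date"},
  "message": {"type": "text",
              "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
  "error_message": {"type": "text"},
  "host": {"properties": {"name": {"type": "keyword"}, "ip": {"type": "ip"}}}
}}}}
""")

# Field types that support a terms aggregation with default settings.
TERMS_TYPES = {"keyword", "ip", "boolean", "date", "long", "integer",
               "short", "byte", "double", "float"}


def groupable(properties, prefix=""):
    """Map each leaf field to (name to group by or None, ignore_above or None)."""
    out = {}
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: walk its children
            out.update(groupable(spec["properties"], path + "."))
        elif spec.get("type") in TERMS_TYPES:
            out[path] = (path, spec.get("ignore_above"))
        else:
            # text is analyzed, so only a keyword multi-field can be grouped on
            out[path] = next(
                ((f"{path}.{sub}", s.get("ignore_above"))
                 for sub, s in spec.get("fields", {}).items()
                 if s.get("type") == "keyword"),
                (None, None))
    return out


if __name__ == "__main__":
    props = SAMPLE_MAPPING["app-logs"]["mappings"]["properties"]
    for field, (group_by, limit) in groupable(props).items():
        note = f" (values over {limit} chars are not indexed)" if limit else ""
        print(f"{field:15} -> {group_by or 'not groupable, add a keyword sub-field'}{note}")
```

Values longer than `ignore_above` are not indexed in the keyword sub-field, so log messages above that length will not appear in the grouped result.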

Oh, now I got it, thank you very much for your help, it works. Have a great day. :armenia: :ukraine:

Hello, how did you do it? I can’t group by the message field since it’s text. Did you have to create a new field in Elastic?
@vazgentorosyan1 @jangaraj

I would like to access a result set column’s data, e.g. error_message, based on the given filter criteria, e.g. LOG_LEVEL=ERROR. Then, I would like to use this exact error_message fetched using the Grafana query and then email/alert the user.
In simple terms: I want to fetch the exact error_message and alert the user with it using Grafana alerting.

Any suggestions would be very helpful.