Grafana version & environment
- Grafana version: v12.0.4
- Alert type: Grafana-managed alerts
- Data source: Elasticsearch
- OS: Linux
1.What am I trying to achieve?
I want to send dynamic field values from Elasticsearch (for example job_name.keyword) in an alert email notification when an alert fires.
Specifically, I want the email to contain the cancelled SAP background job name when a job is detected as cancelled in the last 10 minutes.
Example desired email content:
Affected Job Name: Z_PC_MD_LAUNCH_PC
2.How am I trying to achieve it?
I have a panel and alert rule based on this Elasticsearch query:
PRC:10725 AND SYSID:PRE AND status:“Cancelled”
Query configuration:
Metric: Count
Group by:
Terms → job_name.keyword
Date Histogram → DATETIME
Alert expressions:
Reduce → Last
Threshold → IS ABOVE 0
In the notification template, I tried to reference the job name using:
{{ index .CommonAnnotations “JobName” }}
and also tried using .Values, .Labels, and .Annotations.
What happened?
The alert fires correctly when cancelled jobs exist.
However:
Using Terms (job_name.keyword) often causes alert evaluation issues
The alert notification does not include the job name
Grafana seems to only evaluate numeric conditions, not return dynamic field values
3.What did I expect to happen?
I expected the alert notification to include the actual job name(s) that caused the alert, similar to how panels display grouped fields.
Question
Is it technically possible in Grafana Alerting to:
Extract and include dynamic field values (like job_name.keyword) from Elasticsearch queries
And display them in email / Teams / Slack alert notifications?
If not:
Is there any supported workaround (labels, annotations, transformations, multiple alerts, etc.)?
Or is this a known limitation of Grafana Alerting by design?
Additional context
I understand alerts are intended for state detection, not reporting, but I want to confirm whether:
This is a hard limitation, or
There is a supported pattern to achieve this.
Thanks in advance 
