Logmanager dokumentace
Přepnout tmavý/světlý/automatický režim Přepnout tmavý/světlý/automatický režim Přepnout tmavý/světlý/automatický režim Zpět na domovskou stránku
  1. Logmanager dokumentace
  2. /
  3. Další informace
  4. /
  5. Zpracování událostí pomocí blockly
  6. /
  7. Předdefinované XML bloky
  8. /
  9. Special Blocks
  10. /
  11. Special elements
  12. /
  13. Send alert

Send alert

This section is available only in English
This block is used only for Alerts.

Block “Send alert” is used to send alerts to the defined email when conditions preceding the alert are met. Variable containing the whole message (msg) is defined in the left part. In the right part you define the formatting template which is used to generate content of the email notification.

Block XML representation

XML representation of alert_send block

<xml xmlns="http://www.w3.org/1999/xhtml">
  <block type="alert_send">
    <field name="ALERT_TEMPLATE">93843042-f00d-4b5c-9b5f-cd2d389cc39d</field>
    <value name="VAR">
      <shadow type="variables_get">
        <field name="VAR">msg</field>
      </shadow>
    </value>
  </block>
</xml>

Example of visual representation

Block "Send alert"

Block “Send alert”

Example of block usage

Example of "Send alert" block

Example of “Send alert” block

An example can be the notification send in case of Windows crash. Block “Send alert” is located on the end of schema and is activated only if the preceding conditions are met:

  • Message is marked with tag “windows”,
  • Variable “channel” in the data part of the message contains the word “System”,
  • and variable “eventid” in the data part of the message contains number “6008”.

Block for sending the email uses the selected template “Windows-system-crash” for formatting of the notification content.

Input data 

{
  "msg": {
    "eventid": "6008",
    "eventid@int": {
      "value": 6008
    },
    "channel": "System",
    "name": "Application Error"
  },
  "raw": "<34>1 2017-01-02T00:01:00.679013-00:00 TEST ApplicationError - msgld {\"eventid\": \"1000\", \"channel\": \"System\", \"name\": \"Application Error\"}",
  "@timestamp": "2017-01-01T23:01:00.679+00:00",
  "meta": {
    "forwarder@id": "00000000-0000-0000-0000-000000000000",
    "tags": ["windows"],
    "timestamp": "2017-01-02T00:01:00.679008+00:00",
    "parser": "microsoft-windows",
    "tags@id": ["f28e96de-edc6-4371-9c69-ea71aa045384"],
    "instance@id": "00000000-0000-0000-0000-000000000000",
    "src": {
      "dialect": "relp",
      "severity": "crit",
      "facility": "auth",
      "ip": "192.0.2.180",
      "ip@ip": {
        "city": "Unknown",
        "is_reserved": false,
        "value": "192.0.2.180",
        "version": 4,
        "country_code": "Un",
        "is_multicast": false,
        "country_name": "Unknown",
        "ptr": "win.example.com",
        "is_link_local": false
      },
      "pid": "-",
      "host": "TEST",
      "program": "ApplicationError"
    },
    "type": "user",
    "plugin": "windows"
  },
  "raw_offset": 69,
  "@version": "1"
}

Processed result

Result of the "Send alert" block processing

Result of the “Send alert” block processing