Aria Operations for Logs is up and running and capturing all of your vCenter events, tasks, and alarms, your ESXi host logs, and other syslog sources. You're sending email notifications for certain logs, but the emails don't include all of the log fields. How do you get them? Here's how!
I have an Alert defined with the following query:
I've chosen an arbitrary string, "After request", because I know log entries containing it are being generated, but this will work for whatever string you are searching for. I have an alert (including an email notification) defined as follows.
The email notification comes in looking like this.
You'll notice that the email includes only the log entry itself, but none of the extracted fields. So, without a way to customize an email payload template (like we can in Aria Operations), how can we get these extracted fields into the email? Like this!
Adjust your Alert to include the extracted field as you wish, like this.
My emails now include the extracted field in the Subject.
Note that you can only include one extracted field in your subject line, so choose wisely. I've opened a feature request for more options here, including the ability to have fully customizable email payload templates.