In the Event textfield, you can structure your generated event however you like. To insert values from the alert, use this format (for example, if you want to put the src_ip field from the alert into the generated field):
$result.src_ip$
E.g. you can put this in the event text box:
Alert log - src_ip: $result.src_ip$, severity: $result.severity$
Thank you for solving my problem 😄
The alert is triggered by a query. The first row of the results of that query is available to be used in the log message you create. Therefore, you need to include all the information you want to appear in your log in the results of the query that triggers the alert.
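To make the two answers above concrete, here is an added Python sketch (not Splunk's own code) that renders an Event textfield template using only the first result row and reports any $result.field$ token with no matching field, so you can check the triggering search returns everything the log message needs. Rendering a missing field as an empty string is an assumption of this illustration, and the sample results are constructed.

```python
import re
from typing import Dict, List, Tuple

# Token syntax described above: $result.<field>$ is filled from the FIRST row
# of the triggering search's results.
TOKEN_RE = re.compile(r"\$result\.([A-Za-z0-9_]+)\$")


def render_alert_event(template: str, results: List[Dict[str, str]]) -> Tuple[str, List[str]]:
    """Render the Event template against the first result row.

    Returns (rendered_text, missing_fields). Fields absent from the first row
    are rendered as "" here; that is an assumption for this illustration, not
    documented Splunk behaviour.
    """
    first_row = results[0] if results else {}
    missing: List[str] = []

    def substitute(match: "re.Match[str]") -> str:
        field = match.group(1)
        if field not in first_row:
            missing.append(field)
            return ""
        return str(first_row[field])

    return TOKEN_RE.sub(substitute, template), missing


# Constructed sample results, shaped like rows returned by the alert's search.
# Only the first row matters for token substitution.
SAMPLE_RESULTS = [
    {"src_ip": "203.0.113.7", "severity": "high", "count": "14"},
    {"src_ip": "198.51.100.2", "severity": "low", "count": "3"},
]

# Template from the answer above, plus a $result.user$ token the search
# does not return, to show how a missing field is reported.
TEMPLATE = "Alert log - src_ip: $result.src_ip$, severity: $result.severity$, user: $result.user$"

if __name__ == "__main__":
    text, missing = render_alert_event(TEMPLATE, SAMPLE_RESULTS)
    print(text)
    if missing:
        # Fix by adding these fields to the triggering search (e.g. via table/stats).
        print("fields not present in the first result row:", ", ".join(missing))
```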