I am using elastic cloud (Elastic Search : v8.6.2) and have configured watchers to trigger email for elastic search query which fetched results from specific index pattern(Which has server logs). Below email action I have configured in my watcher.
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"[email protected]"
],
"subject": "LogMonitor - Identified keyword matched {{ctx.payload.hits.total}} times",
"body": {
"html": "The following {{ctx.payload.hits.total}} text matched<table border=1><tr><td>Message</td></tr>{{#ctx.payload.hits.hits}}<tr><td>{{_source.message}}</td></tr>{{/ctx.payload.hits.hits}}</table>"
}
}
}}
Below is the sample message which I have received in email which is appending "http://" before the java class name and it is visible as a link in email.
http://SampleClass.java:193 hello this is a test
Actual Message should sent in email like below as simple message
SampleClass.java:193 hello this is a test
I have tried disabling html sanitization from elastic search user setting in Elastic Cloud Admin Panel but it didn't work.
xpack.notification.email.html.sanitization.enabled: false
Can anyone know what I missed in configuration part or in watcher to get actual log message which is indexed.
Thanks in advance.