The Humio Repository notifier sends the alerts to a Humio repository. This can be used to summarize all alert events, or to aggregate information from multiple alerts.
|Ingest token||An ingest token for the repository receiving the alerts.|
The alert events sent to the parser contain the following fields:
||The id of the alert that fired.|
||The user-made name of the alert that fired.|
||The user-made description of the alert that fired.|
||The time at which the alert was fired.|
||The query start time (e.g. 10m).|
||The query end time (e.g. now).|
||The name of the repository from which the alert fired.|
||A unique id for the alert. Can be used to identify events from the same triggering of the alert.|
||The original alert event, encoded as JSON.|
The default parser json-for-notifier extracts the original event from the @rawstring field, so that the parsed event contains all the original fields together with all the @alert.XXX fields. It does not parse any timestamps, so if the original event does not contain a @timestamp field, the event gets “now” as its timestamp.
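The following Python sketch models the parsing behaviour described above, so the timestamp fallback can be seen on sample data. It is an added example, not Humio's parser code. The function name, the `@alert.sample_*` field names and the sample events are constructed for illustration, and `@timestamp` is assumed to be epoch milliseconds.

```python
import json
import time


def model_json_for_notifier(alert_event, now_ms=None):
    """Illustrative model of the documented behaviour; not Humio's parser."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    # Keep the @alert.* fields that the notifier attached to the event.
    parsed = {k: v for k, v in alert_event.items() if k.startswith("@alert.")}
    # Extract the original event from @rawstring (JSON-encoded).
    original = json.loads(alert_event["@rawstring"])
    if not isinstance(original, dict):
        raise ValueError("@rawstring does not hold a JSON object")
    parsed.update(original)
    # No timestamp parsing happens: only a literal @timestamp field counts.
    # Fields such as "time" or "ts" stay as plain values.
    if "@timestamp" in original:
        source = "original"
    else:
        parsed["@timestamp"] = now_ms
        source = "now"
    return parsed, source


def sample(original):
    """Build a constructed alert event; the @alert.sample_* names are placeholders."""
    return {
        "@alert.sample_name": "Failed logins",
        "@alert.sample_id": "abc123",
        "@rawstring": json.dumps(original),
    }


# Constructed sample events: one carries @timestamp, one only a "time" string.
WITH_TS = sample({"@timestamp": 1614852000000, "user": "alice",
                  "action": "login_failed"})
WITHOUT_TS = sample({"time": "2021-03-04T10:00:00Z", "user": "bob",
                     "action": "login_failed"})

if __name__ == "__main__":
    for event in (WITH_TS, WITHOUT_TS):
        parsed, source = model_json_for_notifier(event, now_ms=1700000000000)
        print(source, parsed["@timestamp"], parsed["user"])
```

In the second sample the event is stored with the time of ingestion rather than the time in its `time` field, which matters when the receiving repository is used to build a timeline across alerts.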
The events you send through this notifier count towards the daily ingest limit.