Mattermost

Surface incidents in Mattermost for self-hosted teams. Add mattermost under alert: with webhook URL, channel override, and rich attachment fields as needed.

Field reference lives under Options; Full working example at the end shows full YAML (name, type, index, filter, and this destination).

Options

Keys below match the ElastAlert 2 alerter. Shared rule fields such as alert_subject apply as described in Subject & body. Example fragments from the ElastAlert 2 reference appear indented under the option they illustrate (add your own name, type, index, and filter to make a full rule).

Required

mattermost_webhook_url — The webhook URL. Follow Mattermost incoming webhooks (opens in a new tab) to create an incoming webhook on your Mattermost installation.

Optional

mattermost_proxy — By default ElastAlert 2 will not use a network proxy to send notifications to Mattermost. Set this option using hostname:port if you need to use a proxy. only supports https.
mattermost_ignore_ssl_errors — By default ElastAlert 2 will verify SSL certificate. Set this option to True if you want to ignore SSL errors.
mattermost_username_override — By default Mattermost will use your username when posting to the channel. Use this option to change it (free text).
mattermost_channel_override — Incoming webhooks have a default channel, but it can be overridden. A public channel can be specified "#other-channel", and a Direct Message with "@username".
mattermost_emoji_override — By default ElastAlert 2 will use the :ghost: emoji when posting to the channel. You can use a different emoji per ElastAlert 2 rule. Any Apple emoji can be used; see Emojipedia (Apple) (opens in a new tab) for names. If mattermost_icon_url_override parameter is provided, emoji is ignored.
mattermost_icon_url_override — By default ElastAlert 2 will use the :ghost: emoji when posting to the channel. You can provide icon_url to use custom image. Provide absolute address of the pciture.
mattermost_msg_pretext — You can set the message attachment pretext using this option.
mattermost_msg_color — By default the alert will be posted with the 'danger' color. You can also use 'good', 'warning', or hex color code.
mattermost_msg_fields — You can add fields to your Mattermost alerts using this option. You can specify the title using title and the text value using value. Additionally you can specify whether this field should be a short field using short: true. If you set args and value is a formattable string, ElastAlert 2 will format the incident key based on the provided array of fields from the rule or match. See Mattermost message attachment fields (opens in a new tab) for more information.

Example mattermost_msg_fields

 mattermost_msg_fields:
   - title: Stack
     value: "{0} {1}" # interpolate fields mentioned in args
     short: false
     args: ["type", "msg.status_code"] # fields from doc
   - title: Name
     value: static field
     short: false

mattermost_title — Sets a title for the message, this shows up as a blue text at the start of the message. Defaults to "".
mattermost_title_link — You can add a link in your Mattermost notification by setting this to a valid URL. Requires mattermost_title to be set. Defaults to "".
mattermost_footer — Add a static footer text for alert. Defaults to "".
mattermost_footer_icon — A Public Url for a footer icon. Defaults to "".
mattermost_image_url — An optional URL to an image file (GIF, JPEG, PNG, BMP, or SVG). Defaults to "".
mattermost_thumb_url — An optional URL to an image file (GIF, JPEG, PNG, BMP, or SVG) that is displayed as thumbnail. Defaults to "".
mattermost_author_name — An optional name used to identify the author.. Defaults to "".
mattermost_author_link — An optional URL used to hyperlink the author_name. Defaults to "".
mattermost_author_icon — An optional URL used to display a 16x16 pixel icon beside the author_name. Defaults to "".
mattermost_attach_kibana_discover_url — Enables the attachment of the kibana_discover_url to the mattermost notification. The config generate_kibana_discover_url must also be True in order to generate the url. Defaults to False.

Example mattermost_attach_kibana_discover_url, mattermost_kibana_discover_color, mattermost_kibana_discover_title

 # (Required)
 generate_kibana_discover_url: True
 kibana_discover_app_url: "http://localhost:5601/app/discover#/"
 kibana_discover_index_pattern_id: "4babf380-c3b1-11eb-b616-1b59c2feec54"
 kibana_discover_version: "7.15"
 
 # (Optional)
 kibana_discover_from_timedelta:
   minutes: 10
 kibana_discover_to_timedelta:
   minutes: 10
 
 # (Required)
 mattermost_attach_kibana_discover_url: True
 
 # (Optional)
 mattermost_kibana_discover_color: "#ec4b98"
 mattermost_kibana_discover_title: "Discover in Kibana"

mattermost_kibana_discover_color — The color of the Kibana Discover url attachment. Defaults to #ec4b98.
mattermost_kibana_discover_title — The title of the Kibana Discover url attachment. Defaults to Discover in Kibana.
mattermost_attach_opensearch_discover_url — Enables the attachment of the opensearch_discover_url to the mattermost notification. The config generate_opensearch_discover_url must also be True in order to generate the url. Defaults to False.

Example mattermost_attach_opensearch_discover_url, mattermost_kibana_discover_color, mattermost_kibana_discover_title

 # (Required)
 generate_opensearch_discover_url: True
 opensearch_discover_app_url: "http://localhost:5601/app/discover#/"
 opensearch_discover_index_pattern_id: "4babf380-c3b1-11eb-b616-1b59c2feec54"
 opensearch_discover_version: "2.11"
 
 # (Optional)
 opensearch_discover_from_timedelta:
   minutes: 10
 opensearch_discover_to_timedelta:
   minutes: 10
 
 # (Required)
 mattermost_attach_opensearch_discover_url: True
 
 # (Optional)
 mattermost_opensearch_discover_color: "#ec4b98"
 mattermost_opensearch_discover_title: "Discover in opensearch"

mattermost_opensearch_discover_color — The color of the Opensearch Discover url attachment. Defaults to #ec4b98.
mattermost_opensearch_discover_title — The title of the Opensearch Discover url attachment. Defaults to Discover in opensearch.

Full working example

name: Example alert for Mattermost
type: any
index: "*-*"
filter:
  - query:
      query_string:
        query: "level:error OR log.level:error"
alert:
  - "mattermost"
mattermost_webhook_url: "https://mattermost.example/hooks/REPLACE"

Matrix Hookshot Microsoft Power Automate