Microsoft Teams

Deliver card-style messages to Teams using an incoming webhook connector. Add ms_teams under alert: on your rule (you can combine destinations) and set the webhook URL, plus optional theme, facts, Discover-link or proxy settings.

Skim Options for required vs optional keys, then open Full working example for runnable YAML including index and filter.

Options

Keys below match the ElastAlert 2 alerter. Shared rule fields such as alert_subject apply as described in Subject & body. Example fragments from the ElastAlert 2 reference appear indented under the option they illustrate (add your own name, type, index, and filter to make a full rule).

Required

  • ms_teams_webhook_url — The webhook URL that includes your auth data and the ID of the channel you want to post to. Go to the Connectors menu in your channel and configure an Incoming Webhook, then copy the resulting URL. You can use a list of URLs to send to multiple channels. Treat the URL as a secret: anyone who obtains it can post arbitrary cards into the channel, so keep rule files containing it out of version control and restrict their file permissions.

Optional

  • ms_teams_alert_summary — MS Teams uses this value as the notification title; it defaults to the alert subject. Set it to arbitrary text if you don't want the default.

  • ms_teams_theme_color — By default the alert is posted without a color line. To add one, set this attribute to an HTML color value, e.g. #ff0000 for red.

Example usage

 alert:
   - "ms_teams"
 ms_teams_theme_color: "#6600ff"
 ms_teams_webhook_url: "MS Teams Webhook URL"

  • ms_teams_proxy — By default ElastAlert 2 does not use a network proxy to send notifications to MS Teams. Set this option as hostname:port if you need one. The proxy is applied to https requests only.

  • ms_teams_alert_fixed_width — Defaults to False, in which case the notification is sent to MS Teams as-is. Teams implements a partial Markdown renderer, so asterisks, underscores and other characters in the alert text may be interpreted as Markdown, and Teams does not yet fully implement code blocks. Setting this to True wraps the body line by line in code blocks. Enabling it is recommended: the alert then renders as written, which matters when the body contains log content an attacker may have influenced.

  • ms_teams_alert_facts — Add additional facts to your MS Teams alerts with this field. Each entry takes a title in name and, in value, either a field name from the match or arbitrary text.

Example ms_teams_alert_facts

 ms_teams_alert_facts:
   - name: Host
     value: monitor.host
   - name: Status
     value: monitor.status
   - name: What to do
     value: Page your boss

  • ms_teams_attach_kibana_discover_url — Attaches the kibana_discover_url to the MS Teams notification. generate_kibana_discover_url must also be True, otherwise no URL is generated. Defaults to False.

Example ms_teams_attach_kibana_discover_url, ms_teams_kibana_discover_title

 # (Required)
 generate_kibana_discover_url: True
 kibana_discover_app_url: "http://localhost:5601/app/discover#/"
 kibana_discover_index_pattern_id: "4babf380-c3b1-11eb-b616-1b59c2feec54"
 kibana_discover_version: "7.15"
 
 # (Optional)
 kibana_discover_from_timedelta:
   minutes: 10
 kibana_discover_to_timedelta:
   minutes: 10
 
 # (Required)
 ms_teams_attach_kibana_discover_url: True
 
 # (Optional)
 ms_teams_kibana_discover_title: "Discover in Kibana"

  • ms_teams_kibana_discover_title — The title of the Kibana Discover url attachment. Defaults to Discover in Kibana.

  • ms_teams_attach_opensearch_discover_url — Attaches the opensearch_discover_url to the MS Teams notification. generate_opensearch_discover_url must also be True, otherwise no URL is generated. Defaults to False.

Example ms_teams_attach_opensearch_discover_url, ms_teams_opensearch_discover_title

 # (Required)
 generate_opensearch_discover_url: True
 opensearch_discover_app_url: "http://localhost:5601/app/discover#/"
 opensearch_discover_index_pattern_id: "4babf380-c3b1-11eb-b616-1b59c2feec54"
 opensearch_discover_version: "7.15"
 
 # (Optional)
 opensearch_discover_from_timedelta:
   minutes: 10
 opensearch_discover_to_timedelta:
   minutes: 10
 
 # (Required)
 ms_teams_attach_opensearch_discover_url: True
 
 # (Optional)
 ms_teams_opensearch_discover_title: "Discover in opensearch"

  • ms_teams_opensearch_discover_title — The title of the Opensearch Discover url attachment. Defaults to Discover in opensearch.

  • ms_teams_ca_certs — Set this option to True, or to the path of a CA cert bundle or directory (e.g. /etc/ssl/certs/ca-certificates.crt), to validate the server's SSL certificate against that trust store. Use this when the webhook is reached through a TLS-inspecting proxy or a private CA.

  • ms_teams_ignore_ssl_errors — By default ElastAlert 2 verifies the server's SSL certificate. Setting this to True disables that check, which lets an on-path attacker read the webhook URL and the alert contents; fix the trust store with ms_teams_ca_certs rather than ignoring errors.

Full working example

name: Example alert for Microsoft Teams
type: any
index: "*-*"
filter:
  - query:
      query_string:
        query: "level:error OR log.level:error"
alert:
  - "ms_teams"
ms_teams_webhook_url: "https://outlook.office.com/webhook/..."
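
The pitfalls called out in the option list (a webhook URL that is itself a credential and must be https, TLS verification switched off, alert text rendered as Markdown, a Discover link without its generate_* switch) can be checked before a rule is deployed. The Python linter below is an added example; it is not part of ElastAlert 2 or of this page. It takes a rule as the dict that yaml.safe_load would return; the two sample rules, the hostnames in them and the finding messages are constructed here for illustration.

```python
"""Lint the ms_teams settings of an ElastAlert 2 rule dict.

Added example, not ElastAlert 2 code. Rules are plain dicts, i.e. what
yaml.safe_load returns for a rule file; the samples below are constructed.
"""

from urllib.parse import urlparse


def _as_list(value):
    """Several keys (alert, ms_teams_webhook_url) accept a string or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def lint_ms_teams_rule(rule):
    """Return a list of (severity, message) tuples; severity is error/warn/info."""
    findings = []
    if "ms_teams" not in _as_list(rule.get("alert")):
        return findings  # rule does not use this alerter

    # Required key. The URL carries the auth data, so it must be https.
    urls = _as_list(rule.get("ms_teams_webhook_url"))
    if not urls:
        findings.append(("error", "ms_teams_webhook_url is required"))
    for url in urls:
        parsed = urlparse(str(url))
        if parsed.scheme != "https":
            findings.append(("error", f"webhook URL must use https: {url}"))
        elif not parsed.netloc:
            findings.append(("error", f"webhook URL is not a valid URL: {url}"))

    # Ignoring SSL errors exposes the URL and every alert to an on-path attacker.
    if rule.get("ms_teams_ignore_ssl_errors") is True:
        findings.append(("warn", "ms_teams_ignore_ssl_errors: True disables "
                                 "certificate verification; use ms_teams_ca_certs"))

    # Proxy must be hostname:port (no scheme); only applied to https requests.
    proxy = rule.get("ms_teams_proxy")
    if proxy is not None:
        host, sep, port = str(proxy).rpartition(":")
        if not sep or not host or not port.isdigit():
            findings.append(("error", f"ms_teams_proxy must be hostname:port, got {proxy!r}"))

    # Without fixed width, '*', '_' and '`' in log text become Markdown formatting.
    if rule.get("ms_teams_alert_fixed_width") is not True:
        findings.append(("info", "set ms_teams_alert_fixed_width: True so alert "
                                 "text is not interpreted as Markdown"))

    # Discover links are only built when the matching generate_* switch is on.
    for backend in ("kibana", "opensearch"):
        attach = rule.get(f"ms_teams_attach_{backend}_discover_url") is True
        generate = rule.get(f"generate_{backend}_discover_url") is True
        if attach and not generate:
            findings.append(("error", f"ms_teams_attach_{backend}_discover_url "
                                      f"needs generate_{backend}_discover_url: True"))
    return findings


# Constructed sample rules: one with the weak settings, one hardened.
WEAK_RULE = {
    "name": "teams weak",
    "type": "any",
    "index": "app-logs-*",
    "alert": ["ms_teams"],
    "ms_teams_webhook_url": "http://outlook.office.com/webhook/example",
    "ms_teams_ignore_ssl_errors": True,
    "ms_teams_attach_kibana_discover_url": True,
}

HARDENED_RULE = {
    "name": "teams hardened",
    "type": "any",
    "index": "app-logs-*",
    "alert": ["ms_teams"],
    "ms_teams_webhook_url": ["https://example.webhook.office.com/webhookb2/example"],
    "ms_teams_alert_fixed_width": True,
    "ms_teams_ca_certs": "/etc/ssl/certs/ca-certificates.crt",
    "ms_teams_proxy": "proxy.internal.example:3128",
    "generate_kibana_discover_url": True,
    "ms_teams_attach_kibana_discover_url": True,
}


def severities(rule):
    """Sorted severity labels for a rule; convenient for tests and CI gates."""
    return sorted(sev for sev, _ in lint_ms_teams_rule(rule))


if __name__ == "__main__":
    for sample in (WEAK_RULE, HARDENED_RULE):
        print(sample["name"])
        for sev, msg in lint_ms_teams_rule(sample) or [("ok", "no findings")]:
            print(f"  [{sev}] {msg}")
```

Run it over every rule file at deploy time (load each with yaml.safe_load and fail the pipeline on any error-level finding); the weak sample yields two errors, a warning and an info, the hardened one nothing.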

See also Subject & body.