I have configured an ElastAlert instance against my Elasticsearch host. I also created a sample rule that checks the log level and raises an alert whenever that pattern is matched in the logs.
Everything works fine and I receive the alerts correctly in my Slack channel.
The only concern is the information/data in the alert I receive. The ElastAlert plugin sends every attribute related to the pattern I am looking for, but I am not interested in all of that information; I only care about some specific attributes.
Here is an example of my rule:
```yaml
# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
es_host:

# (Optional)
# Elasticsearch port
es_port:

# (Optional) Connect with SSL to elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: DB2 test Rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: logstash-*
# logstash-2016.04.05
#logstash-YYYY.MM.DD
# logstash-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 12

# (Required)
# A list of elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
    query_string:
      query: "type: db2 AND logLevel: Warning"

# (Required)
# The alert is used when a match is found
alert:
- "slack"

slack:
  slack_webhook_url: "XYZ"
```
The alert I receive in the Slack channel looks like this:
```
DB2 test Rule
DB2 test Rule
At least 1 events occurred between 2016-04-29 07:51 UTC and 2016-04-29 19:51 UTC

@timestamp: 2016-04-29T19:51:45.940Z
@version: 1
_id:
_index: logstash-2016.04.29
_type: db2
apphdl:
appid:
authid:
day: 29
db: NEO
eduid:
eduname:
function:
host:
hostname:
hour: 14
id:
instance:
logLevel: Warning
logMessage: LOADID: DATA #2 : Completed
message: LEVEL: Warning
```
and so on...
I want to customize this alert message so that it only alerts me with the attributes I care about (for example the timestamp, the log level and a few others).
Is there a way to do this? Any help or guidance is much appreciated.
According to the ElastAlert documentation, you can restrict the alert to only certain fields of the document by using `include`.
In your case:
```yaml
include: ["@timestamp", "logLevel", "message"]
```
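As an added example (not part of the original answer), here is the question's rule trimmed down with `include` in place, plus ElastAlert's `alert_text`, `alert_text_args` and `alert_text_type` options, which go beyond the answer and let the Slack message be formatted from only those fields; restricting the fields also keeps values such as `authid` and `db` from being posted into the chat channel. The webhook URL is a placeholder.

```yaml
# Added example: the DB2 frequency rule from the question with a
# restricted field set and a custom alert message.
name: DB2 test Rule
type: frequency
index: logstash-*
num_events: 1
timeframe:
  hours: 12

filter:
- query:
    query_string:
      query: "type: db2 AND logLevel: Warning"

# Only these fields of the matching document are attached to the alert;
# every other field (authid, db, host, ...) stays out of the Slack message.
include: ["@timestamp", "logLevel", "message"]

# Replace the default field dump with one line built from the included
# fields. Positional {0},{1},{2} map to alert_text_args in order.
alert_text_type: alert_text_only
alert_text: "DB2 {0} at {1}: {2}"
alert_text_args: ["logLevel", "@timestamp", "message"]

alert:
- "slack"

slack:
  slack_webhook_url: "https://hooks.slack.com/services/PLACEHOLDER"
```

With `alert_text_type: alert_text_only` the field listing is dropped entirely and the alert carries only what `alert_text` prints; omit that line to keep the included fields listed beneath the custom text.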