The default alarm message variables($profileName, $query and $result) are specific to log_monitoring_service probe itself and not generic. These are actually placeholder variables which are replaced by associated values in the generated alarm messages. Please find their specific replacement values for respective variables as under:
- $profileName: In the actual alarm message generated by the probe, this variable would be replaced by name of the probe profile which caused the generated alarm.
- $query: In the actual alarm message generated by the probe, this variable would be replaced by the Elasticsearch string/query against which the match was found which generated an alarm.
- $result: In the actual alarm message generated by the probe, this variable would be replaced by elasticseach document’s key-value pairs. This elasticsearch document contains any attribute(s) satisfying the matching criteria. Also, this document would be part of an elasticsearch index on which the search applies.
If you are using the latest version of the probe(i.e. log_monitoring_service-1.2.0), then you would get $message variable as well which gets replaced by message attribute’s value of ingested logs.
Typing ${ in the message field via the Admin Console allowed me to list these variable (it does not work via the MCS profile).
baseline, level, operator, predictionValue, qosReference, qos_name, qos_source, qos_target, source, target, threshold, threshold_sign, threshold_symbol, threshold_value, tttTime, tttTimeUnit, tttValue, unit, value.
If you go to the below link, under Section 8 is a list of alarm variables and descriptions:
https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/how-to-articles/configuring-alarm-thresholds#ConfiguringAlarmThresholds-dynamicppmv3.24ForHubsRunningppmv3.24andLater