ElastAlert is a fantastic Python module that makes it easy to set up near-realtime alerts and responses to log entries of interest. One detail I didn't find clearly documented was how to insert the alert's name into a custom subject line when sending email alerts.
A typical rule file with a custom email subject would include something similar to the following:

alert_subject: "My Alert: {0} triggered"
alert_subject_args:
  - name
The "name" argument is effectively a reserved keyword that is substituted with the alert name. Internally, the code looks the arguments up in a dictionary:

if 'alert_subject_args' in self.rule:
    alert_subject_args = self.rule['alert_subject_args']
Looking at other parts of the code reveals that "self.rule" is a dictionary holding the parsed rule file, and it contains an element called "name" with the alert name defined in that rule file. So "name" in alert_subject_args resolves to the rule's own top-level "name" key, which is why it works in the subject template.
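To make the substitution concrete, here is an added example (written for this post, not ElastAlert's own code) that fills in a subject template from a rule dictionary and a matched document. The rule, the match and the resolution order (match fields first, then the rule's top-level keys) are this example's assumptions.

```python
"""Added example: filling an ElastAlert-style alert_subject template.

Illustrative code, not ElastAlert's implementation. RULE and MATCH are
constructed sample data standing in for the parsed rule file and the
Elasticsearch document that triggered the alert.
"""

MISSING = "<MISSING VALUE>"

# Constructed sample rule, equivalent to the YAML snippet in the post
RULE = {
    "name": "Failed SSH logins",
    "alert_subject": "My Alert: {0} triggered by {1} from {2}",
    "alert_subject_args": ["name", "user.name", "source_ip"],
}

# Constructed sample match (the document that fired the rule)
MATCH = {
    "@timestamp": "2024-01-01T00:00:00Z",
    "user": {"name": "alice"},
    "source_ip": "198.51.100.7",
}


def lookup_key(doc, key):
    """Resolve a possibly dotted key such as "user.name" in a nested dict."""
    value = doc
    for part in key.split("."):
        if not isinstance(value, dict) or part not in value:
            return None
        value = value[part]
    return value


def build_subject(rule, match, max_len=2048):
    """Format rule["alert_subject"] with the values of alert_subject_args.

    Assumed resolution order (this example's choice): look each argument up
    in the matched document first, then among the rule's own top-level keys,
    which is how "name" ends up carrying the rule name.
    """
    values = []
    for arg in rule.get("alert_subject_args", []):
        value = lookup_key(match, arg)
        if value is None:
            value = rule.get(arg)
        values.append(MISSING if value is None else value)
    # Field values come from log data, so keep the subject single-line and
    # bounded in length before it is handed to the mailer.
    subject = rule["alert_subject"].format(*values)
    return subject.replace("\r", " ").replace("\n", " ")[:max_len]


if __name__ == "__main__":
    print(build_subject(RULE, MATCH))
    # → My Alert: Failed SSH logins triggered by alice from 198.51.100.7
```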