Forum Discussion

derek_haneman
7 months ago

Windows System Event Log "message" details not accurate

We are using the default Windows System Event Log event source and having those errors route through a Teams integration. When tested from Windows System Event Log event source the Event Logging displays the entire “message” detailing the eventID reason etc etc. When looking in the Alerts section of the GUI it also shows the entire “Message” section with details. 

However, when the alert shows up in Teams it's dumbed down and useless. We get the following.
Message: error - HOSTNAME Windows System Event Log

The Teams integration is set up identically to the Event Source Alert message as seen below. Anyone know why ##Message## is getting overwritten with useless info instead of the actual message details from the Event?


Host: ##HOST##
Eventsource: ##EVENTSOURCE##
Windows Event ID:  ##EVENTCODE##
Message: ##MESSAGE##
Detected on: ##START##

7 Replies

  • Wait, your payload has 5 lines in it, but what shows up in Teams only has the one line? Sounds like LM is ignoring your desired payload. Or only putting your desired payload behind the “full alert details” button and creating their own “subject” line.

    Does the “full alert details” expand the card or is it a link to LM? I imagine Teams uses the Adaptive Cards framework (they built it after all). Webex uses the same framework (why rebuild it when MS was nice enough to make it open?). I built our Webex Teams integration from scratch and was able to specify the entirety of the card format. Seems like maybe LM is only letting you modify a small section of the card.

    If so, we should have them change it so you can pass in the JSON for the card itself as designed here instead of passing in a portion of the text you want pasted in.

  • The message token has always been a bit weird. Try adding your own email address to the escalation chain and check the email template to see that it includes the ##message## token. That will tell you if the problem is with the integration or with the message token itself.

  • Yeah, it's looking like the latter. When I get it built I’ll post it here for others.

  • Also, yeah, I know I can click the button in the Teams message “Full Alert Details” but that’s not ideal when you want your alerts face up and human readable at first glance.

  • Ok, then it has to do with something LM is doing under the covers that they aren’t telling you about. Your options are to submit a feature request that they open it up or fix it or something, OR rebuild it yourself.

  • Haha, sorry, I should have posted the entire message and knew that might cause some confusion. And yes, the “Full Alert Details” works fine and is viewable within Teams. Yeah, it's a bit strange we don’t have full control over the data that's coming over with how good the testing ability is within the EventSource itself. I’m just trying to avoid the inevitable manager whining that the alert isn't face up with the details to begin with.

    Host: Hostname
    Eventsource: Windows System Event Log
    Windows Event ID: 42
    Message: error - Hostname Windows System Event Log
    Alert Rule: This alert matches the rule Systems-Error
    Recipients: Alert now is going to stage 1 recipients: Name(Alert Channel)
    Detected on: time:xx:xx

  • Good call on the email stage escalation. The message portion is fully written out there.
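
The "rebuild it yourself" option raised in the replies above, sketched as an added example that is not part of the original thread and is not LogicMonitor's or any poster's code: it builds a Teams webhook payload carrying a full Adaptive Card with the event details face up, and flags the case from the thread where the message arrives only as the generic "error - host eventsource" summary. The alert dictionary keys, the length limit and the sample values are assumptions made for this example.

```python
import json

MAX_MESSAGE_CHARS = 1500  # assumed limit, chosen here to keep the card readable

def is_generic_message(alert):
    """True when the message is empty, an unresolved token, or only the
    'error - <host> <eventsource>' summary described in the thread."""
    msg = alert.get("message", "").strip().lower()
    generic = f"error - {alert.get('host', '')} {alert.get('eventsource', '')}".lower()
    return msg in ("", "##message##", generic)

def build_teams_card(alert):
    """Return a Teams webhook payload whose Adaptive Card shows all alert fields."""
    message = alert.get("message", "")
    if len(message) > MAX_MESSAGE_CHARS:
        message = message[:MAX_MESSAGE_CHARS] + " [truncated]"
    body = [
        {"type": "TextBlock", "size": "Medium", "weight": "Bolder",
         "text": f"{alert['eventsource']} alert on {alert['host']}"},
        {"type": "FactSet", "facts": [
            {"title": "Host", "value": alert["host"]},
            {"title": "Eventsource", "value": alert["eventsource"]},
            {"title": "Windows Event ID", "value": str(alert["eventcode"])},
            {"title": "Detected on", "value": alert["start"]},
        ]},
        {"type": "TextBlock", "wrap": True, "text": message},
    ]
    if is_generic_message(alert):
        # Make the missing detail visible instead of silently posting the summary.
        body.append({"type": "TextBlock", "wrap": True, "color": "Warning",
                     "text": "Event message text was not delivered; open the alert for details."})
    card = {"type": "AdaptiveCard",
            "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
            "version": "1.4", "body": body}
    return {"type": "message", "attachments": [
        {"contentType": "application/vnd.microsoft.card.adaptive", "content": card}]}

# Constructed sample alert (not taken from a real system).
SAMPLE_ALERT = {"host": "HOSTNAME", "eventsource": "Windows System Event Log",
                "eventcode": 42, "start": "2024-01-01 10:00:00",
                "message": "The system is entering sleep. Sleep Reason: Application API"}

if __name__ == "__main__":
    print(json.dumps(build_teams_card(SAMPLE_ALERT), indent=2))
```
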