Is it possible to dynamically set fields within a rule based on the output of the ELK query? #3305
Description
I currently have an alert that runs an ELK query, and then alerts team A if the number of events exceeds a threshold. This query spans across multiple databases, which belong to other teams, like team B/C/D... However, I would like to know if it is possible to configure a single Elastalert rule to dynamically route an alert to a respective team based on the output of ELK query.
For example, if the alert fires for a given database abcde, I would like to route that directly to team ABCDE (using Opsgenie, so that would look like dynamically setting the value for alert.opsgenie.opsgenie_tags).
Is this possible?