We've recently switched from Truesight over to ELK and I am working on setting up monitoring for different things. I have an adequate understanding of how to create basic rules and conditions, but I cannot seem to find documentation extensively listing Actions - Message - Rule Variables.

I see the Add rule variable button next to the Message field, and preloaded fields such as {{alertName}} {{context.reason}} but there isn't very much listed in the tool.

For this particular rule, I am using Metric Threshold for CPU monitoring. I have setup my threshold and verified it's working. However, I would like to gather more detailed information like the process names that are using the most CPU.

Is this possible and if so, could someone point me to documentation with exhaustive attributes/fields I am able to use in my message? Any direction here would be most welcome. Thanks in advance!

Edit. Using 7.16 beats/kibana