
Customizing the information in alerts received from the ElastAlert plugin for Elasticsearch

Updated: 2023-11-18 17:13:10



I have configured an elastalert instance with my elasticsearch host. I have also created an example rule which will check for loglevel and alert when that pattern is matched in the logs.

Everything is working fine, I am getting the alerts on my slack channel correctly.

The only concern is the information/data in the alert which I am receiving. The elastalert plugin is sending all the attributes associated with the pattern I am looking for, but I am not interested in all of that information. All I care about are some particular attributes.

Here is an example of my rule:

# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
es_host:

# (Optional)
# Elasticsearch port
es_port:

# (Optional) Connect with SSL to elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: DB2 test Rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur within timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: logstash-* # e.g. logstash-2016.04.05 or logstash-YYYY.MM.DD

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 12

# (Required)
# A list of elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
    query_string:
      query: "type: db2 AND logLevel: Warning"

# (Required)
# The alert is used when a match is found
alert:
- "slack"
# slack_webhook_url is a top-level rule option, not nested under a slack: key
slack_webhook_url: "XYZ"

And the alert I am getting on my slack channel looks like this:

DB2 test Rule
DB2 test Rule

At least 1 events occurred between 2016-04-29 07:51 UTC and 2016-04-29 19:51 UTC

@timestamp: 2016-04-29T19:51:45.940Z
@version: 1
_id: 
_index: logstash-2016.04.29
_type: db2
apphdl: 
appid: 
authid: 
day: 29
db: NEO
eduid: 
eduname: 
function: 
host: 
hostname: 
hour: 14
id: 
instance: 
logLevel: Warning
logMessage: 
LOADID: 
DATA #2 : 
Completed 
message:       LEVEL: Warning

and ETC ETC...

I would like to customize this alert message, so that it alerts me with only those attributes which I care about (for example timeline, loglevel and a couple more).

Is there a way to do that? A little help or direction to pursue is very much appreciated.

According to the ElastAlert documentation, you can limit the alert to only containing certain fields from the document by using include.

In your case it would be:

include: ["@timestamp", "logLevel", "message"]
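As an added example (not the answerer's configuration and not ElastAlert's own sample rule), here is the asker's frequency rule with the include option from the answer applied. It also goes one step beyond the answer: ElastAlert's alert_text, alert_text_args and alert_text_type options are used to build the Slack body from only those fields instead of the default per-field dump. The host, port and webhook values are placeholders, and hostname is assumed to exist in the asker's documents (it appears in the alert output above).

```yaml
# Added example rule, not the answerer's or ElastAlert's own file.
# es_host / es_port / slack_webhook_url are placeholders to be replaced.
es_host: ELASTICSEARCH_HOST_PLACEHOLDER
es_port: 9200

name: DB2 test Rule
type: frequency
index: logstash-*

# One matching document within 12 hours is enough to fire.
num_events: 1
timeframe:
  hours: 12

filter:
- query:
    query_string:
      query: "type: db2 AND logLevel: Warning"

# Only these document fields are fetched from Elasticsearch and carried
# in the match. Every field referenced below in alert_text_args must be
# listed here too, otherwise it is not available when the text is built.
include: ["@timestamp", "logLevel", "hostname", "message"]

# Replace the default field listing with a fixed template.
# alert_text_only suppresses the automatic dump of all match fields.
alert_text_type: alert_text_only
alert_subject: "DB2 {0} on {1}"
alert_subject_args: ["logLevel", "hostname"]
alert_text: |
  {0} at {1} on host {2}
  {3}
alert_text_args: ["logLevel", "@timestamp", "hostname", "message"]

alert:
- slack
# The webhook URL is a credential: keep it out of shared rule files
# (e.g. load the rule directory from a restricted path) and rotate it if exposed.
slack_webhook_url: "https://hooks.slack.com/services/WEBHOOK_PLACEHOLDER"
```

The numbered placeholders in alert_subject and alert_text are filled positionally from the corresponding *_args list, so reordering the list reorders the message. If the include line is kept but alert_text_type is omitted, ElastAlert falls back to the default body, which is then limited to the included fields, matching what the answer describes.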