Zabbix trigger, how to pull parameters out of the payload

triggers
payload
#1

I’m in the process of learning StackStorm and building a small proof of concept that takes a trigger from Zabbix and runs an action to restart a service on a Windows server.

I’d like some help in figuring out how to take a parameter from the following alert_message and use that as an option in a rule.
Specifically I’m looking to take the hostname and event id out of the message text.

Thanks.

+-----------------+--------------------------------------------------------------+
| Property        | Value                                                        |
+-----------------+--------------------------------------------------------------+
| id              | 5cc854319a6fe026884e44df                                     |
| trigger         | zabbix.event_handler                                         |
| occurrence_time | 2019-04-30T23:57:05.000000Z                                  |
| payload         | {                                                            |
|                 |     "alert_sendto": "Admin",                                 |
|                 |     "extra_args": [],                                        |
|                 |     "alert_message": "{"items": [{"value": "99 %", "host":   |
|                 | "DC1", "name": "#3: CPU utilization", "key":                 |
|                 | "system.cpu.util[hrProcessorLoad.3]"}, {"value":             |
|                 | "*UNKNOWN*", "host": "*UNKNOWN*", "name": "*UNKNOWN*",       |
|                 | "key": "*UNKNOWN*"}, {"value": "*UNKNOWN*", "host":          |
|                 | "*UNKNOWN*", "name": "*UNKNOWN*", "key": "*UNKNOWN*"},       |
|                 | {"value": "*UNKNOWN*", "host": "*UNKNOWN*", "name":          |
|                 | "*UNKNOWN*", "key": "*UNKNOWN*"}, {"value": "*UNKNOWN*",     |
|                 | "host": "*UNKNOWN*", "name": "*UNKNOWN*", "key":             |
|                 | "*UNKNOWN*"}, {"value": "*UNKNOWN*", "host": "*UNKNOWN*",    |
|                 | "name": "*UNKNOWN*", "key": "*UNKNOWN*"}, {"value":          |
|                 | "*UNKNOWN*", "host": "*UNKNOWN*", "name": "*UNKNOWN*",       |
|                 | "key": "*UNKNOWN*"}, {"value": "*UNKNOWN*", "host":          |
|                 | "*UNKNOWN*", "name": "*UNKNOWN*", "key": "*UNKNOWN*"}],      |
|                 | "trigger": {"status": "PROBLEM", "id": "15970", "name": "#3: |
|                 | High CPU utilization"}, "event": {"id": "1120", "time":      |
|                 | "23:57:03"}}",                                               |
|                 |     "alert_subject": "PROBLEM: #3: High CPU utilization"     |
|                 | }                                                            |
| status          | processed                                                    |
+-----------------+--------------------------------------------------------------+
(Eugen C.) #3

Take a look at Rules — StackStorm 3.0.0 documentation and examples about how to work with the payload.

What did you try already to extract needed data from the payload (for example payload.alert_message.event)?
How your rule looks like?