Overview
You can use this document to view supported triggering outputs and integrations.
In the Edge Delta App, when you create an integration or an individual output, similar parameters will display. As a result, this document applies to both outputs and integrations.
Note
To learn how to create an output or integration, see Create and Manage Outputs and Integrations.
Review Supported Triggering Outputs
The Edge Delta App supports the following triggering outputs:
Supported Triggering Outputs | Description |
AWS Lambda | This output type sends notifications and alerts to the specified AWS Lambda FaaS endpoint. To learn more, see AWS Lambda Triggering Output and Integration. |
Azure Event Hubs | This output type sends notifications and alerts to a specified Event Hub URL. To learn more, see Azure Event Hubs Triggering Output and Integration. |
Azure Functions | This output type sends notifications and alerts to an Azure endpoint. To learn more, see Azure Functions Triggering Output and Integration. |
Big Panda | This output type sends notifications and alerts to a specified BigPanda endpoint. To learn more, see Big Panda Triggering Output and Integration. |
Email | This output type sends notifications and alerts to a specified email address. To learn more, see Email Triggering Output and Integration. |
Jira | This output type sends notifications and alerts to a specified Jira webhook URL. To learn more, see Jira Triggering Output and Integration. |
Microsoft Teams | This output type sends notifications and alerts to a specified Teams channel. To learn more, see Microsoft Teams Triggering Output and Integration. |
Moogsoft | This output type sends notifications and alerts to a specified Moogsoft URL. To learn more, see Moogsoft Triggering Output and Integration. |
Pagerduty | This output type sends notifications and alerts to a specified Pagerduty API endpoint. To learn more, see Pagerduty Triggering Output and Integration. |
Remedy | This output type sends notifications and alerts to a specified Remedy URL. To learn more, see Remedy Triggering Output and Integration. |
Service Now | This output type sends notifications and alerts to a specified Service Now API endpoint. To learn more, see Service Now Triggering Output and Integration. |
Slack | This output type sends notifications and alerts to a specified Slack channel. To learn more, see Slack Triggering Output and Integration. |
VictorOps | This output type sends notifications and alerts to a VictorOps endpoint. To learn more, see VictorOps (Splunk On-Call) Triggering Output and Integration. |
Webhook | This output type sends notifications and alerts to a specified Webhook URL. To learn more, see Webhook Triggering Output and Integration. |
Review Notify Content Parameters
For triggering outputs and triggering integrations, the Notify Content parameter is an optional way to customize the notification content for specific triggers.
Review the following subfields:
Subfield in YAML | Description |
title | This field is the title text for the webhook message. This field can be customized with custom template fields. |
disable_default_fields | This field is used to disable default fields in notification messages. By default, the value is false. |
custom_fields | You can extend the notification content by adding name-value pairs, which you can build with the template fields listed below. To learn more, see Review Custom Fields for notification_content. |
advanced_content | This field provides full flexibility to define the payload in notification post requests. To learn more, see Review Template Values for Trigger Payloads. |
Review Custom Fields for notification_content
Review the following custom fields for notification_content:
Custom Field | Description |
Tag | This field is a tag to describe the environment, such as prod_us_west_2_cluster. |
EDAC | This field is the Edge Delta Anomaly Context ID. |
Host | This field is the hostname of the environment where the agent runs. |
ConfigID | This field is the configuration ID for the agent. |
MetricName | This field is the metric name that causes the anomaly. |
Source | This field is the identifier name of the source, such as a Docker container ID or file name. |
SourceType | This field is the source type, such as Docker or system. |
SourceAttributes | This field is a list of source attributes. |
Timestamp | This field is the timestamp for when an event is triggered. |
Epoch | This field is the timestamp (in epoch format) for when an event is triggered. |
CurrentValue | This field is the current value of the metric. |
ThresholdValue | This field is the threshold value. |
ThresholdDescription | This field is a detailed threshold description that includes the threshold type, value, etc. |
MatchedTerm | This field is a sample log message to describe the anomaly event. |
ThresholdType | This field is the threshold type. |
FileGlobPath | This field is the file glob path. |
K8sPodName | This field is the Kubernetes pod name. |
K8sNamespace | This field is the Kubernetes namespace. |
K8sControllerKind | This field is the Kubernetes controller kind. |
K8sContainerName | This field is the Kubernetes container name. |
K8sContainerImage | This field is the Kubernetes container image. |
K8sControllerLogicalName | This field is the Kubernetes controller logical name. |
ECSCluster | This field is the ECS cluster name. |
ECSContainerName | This field is the ECS container name. |
ECSTaskVersion | This field is the ECS task version. |
ECSTaskFamily | This field is the ECS task family. |
DockerContainerName | This field is the Docker container name. |
The following example displays the use of custom fields:
notify_content:
  title: "Anomaly Detected: {{.ProcessorDescription}}"
  disable_default_fields: false
  custom_fields:
    "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
    "Current Value": "{{.CurrentValue}}"
    "Threshold Value": "{{.ThresholdValue}}"
    "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
    "Built-in Threshold Description": "{{.ThresholdDescription}}"
    "Matched Term": "{{.MatchedTerm}}"
    "Threshold Type": "{{.ThresholdType}}"
    "File Path": "{{.FileGlobPath}}"
    "K8s PodName": "{{.K8sPodName}}"
    "K8s Namespace": "{{.K8sNamespace}}"
    "K8s ControllerKind": "{{.K8sControllerKind}}"
    "K8s ContainerName": "{{.K8sContainerName}}"
    "K8s ContainerImage": "{{.K8sContainerImage}}"
    "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
    "ECSCluster": "{{.ECSCluster}}"
    "ECSContainerName": "{{.ECSContainerName}}"
    "ECSTaskVersion": "{{.ECSTaskVersion}}"
    "ECSTaskFamily": "{{.ECSTaskFamily}}"
    "DockerContainerName": "{{.DockerContainerName}}"
    "SourceAttributes": "{{.SourceAttributes}}"
    "ConfigID": "{{.ConfigID}}"
    "EDAC": "{{.EDAC}}"
    "Epoch": "{{.Epoch}}"
    "Host": "{{.Host}}"
    "MetricName": "{{.MetricName}}"
    "Source": "{{.Source}}"
    "SourceType": "{{.SourceType}}"
    "Tag": "{{.Tag}}"
The following example displays the use of advanced_content:
notify_content:
  title: "Anomaly Detected: {{.ProcessorDescription}}"
  advanced_content: |
    {
      "blocks": [
        {
          "type": "section",
          "text": {
            "type": "mrkdwn",
            "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
          }
        },
        {
          "type": "section",
          "text": {
            "type": "mrkdwn",
            "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
          }
        }
      ]
    }
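Because advanced_content places template values such as MatchedTerm (a sample log message) inside a hand-written JSON body, it is worth checking locally that the rendered payload still parses when a value contains quotes or newlines. The following is an added example, not Edge Delta code: it assumes the {{.Field}} placeholders behave like Go's text/template (the page does not state the agent's engine or its escaping behaviour), and jsonstr is a hypothetical helper, not an Edge Delta template function.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Constructed, trimmed copy of the page's advanced_content body (second block only).
const rawTmpl = `{"blocks":[{"type":"section","text":{"type":"mrkdwn",
 "text":"*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"}}]}`

// Same payload with every value passed through the hypothetical jsonstr helper.
const escTmpl = `{"blocks":[{"type":"section","text":{"type":"mrkdwn",
 "text":"*MatchedTerm* {{jsonstr .MatchedTerm}}\n*ConfigID* {{jsonstr .ConfigID}}"}}]}`

// jsonstr escapes s for use inside a JSON string literal (surrounding quotes removed).
func jsonstr(s string) string {
	b, _ := json.Marshal(s)
	return string(b[1 : len(b)-1])
}

// Render fills tmpl with fields and reports whether the output is valid JSON.
func Render(tmpl string, fields map[string]string) (string, bool, error) {
	t, err := template.New("payload").Funcs(template.FuncMap{"jsonstr": jsonstr}).Parse(tmpl)
	if err != nil {
		return "", false, err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, fields); err != nil {
		return "", false, err
	}
	return buf.String(), json.Valid(buf.Bytes()), nil
}

func main() {
	// Constructed sample values; MatchedTerm mimics a log line with quotes and a newline.
	fields := map[string]string{
		"MatchedTerm": "login failed for user \"bob\"\nretrying",
		"ConfigID":    "cfg-constructed-1",
	}
	for name, tmpl := range map[string]string{"raw": rawTmpl, "escaped": escTmpl} {
		_, ok, err := Render(tmpl, fields)
		fmt.Printf("%-8s valid_json=%v err=%v\n", name, ok, err)
	}
}
```

To see what the agent itself emits for such values, trigger a test alert against a webhook endpoint you control and inspect the received body.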