Triggering Outputs and Integrations Overview

George Alpizar
George Alpizar
  • Updated

Overview

You can use this document to view supported triggering outputs and integrations. 

In the Edge Delta App, when you create an integration or an individual output, similar parameters will display. As a result, this document applies to both outputs and integrations.

Note

To learn how to create an output or integration, see Create and Manage Outputs and Integrations.

Review Supported Archive Outputs

The Edge Delta App supports the following archive outputs:

Supported Triggering Outputs Description

AWS Lambda

This output type sends notifications and alerts to the specified AWS Lambda FaaS endpoint.

To learn more, see AWS Lambda Triggering Output and Integration.

Azure Event Hubs

This output type sends notifications and alerts to a specified Event Hub URL.

To learn more, see Azure Event Hubs Triggering Output and Integration.

Azure Functions

This output type sends notifications and alerts to an Azure endpoint.

To learn more, see Azure Functions Triggering Output and Integration.
Big Panda

This output type sends notifications and alerts to a specified BigPanda endpoint.

To learn more, see Big Panda Triggering Output and Integration.
Email 

This output type sends notifications and alerts to a specified email address. 

To learn more, see Email Triggering Output and Integration.

Jira

This output type sends notifications and alerts to a specified Jira webhook URL.

To learn more, see Jira Triggering Output and Integration.
Microsoft Teams

This output type sends notifications and alerts to a specified Teams channel.

To learn more, see Microsoft Teams Triggering Output and Integration.

Moogsoft

This output type sends notifications and alerts to a specified Moogsoft URL.

To learn more, see Moogsoft Triggering Output and Integration.

Pagerduty

This output type sends notifications and alerts to a specified Pagerduty API endpoint.

To learn more, see Pagerduty Triggering Output and Integration.

Remedy

This output type sends notifications and alerts to a specified Remedy URL.

To learn more, see Remedy Triggering Output and Integration.

Service Now

This output type sends notifications and alerts to a specified Service Now API endpoint.

To learn more, see Service Now Triggering Output and Integration.
Slack

This output type sends notifications and alerts to a specified Slack channel.

To learn more, see Slack Triggering Output and Integration.

VictorOps

This output type sends notifications and alerts to a VictorOps endpoint.

To learn more, see VictorOps (Splunk On-Call) Triggering Output and Integration.

Webhook

This output type sends notifications and alerts to a specified Webhook URL.

To learn more, see Webhook Triggering Output and Integration.

 

Review Notify Content Parameters 

For triggering outputs and triggering integrations, the Notify Content parameter is an optional way to customize the notification content for specific triggers.

Review the following subfields:

Subfield in YAML Description
Title

This field is the title text for the webhook message.

This field can be customized with custom template fields.
disable_default_fields

This field is used to disable default fields in notification messages.

By default, the value is false.
custom_fields

You can extend the notification content by adding name-value pairs, which you can build with the template fields listed below.

To learn more, see Review Custom Fields for notification_content.
advanced_content

This field provides full flexibility to define the payload in notification post requests.

  • Advanced Content overrides other settings, such as title, custom fields, etc.
    • Custom templates are also supported in Advanced Content.

To learn more, see Review Template Values for Trigger Payloads.

 

Review Custom Fields for notification_content

Review the following custom fields for notification_content:  

Custom Field Description
Tag

This field is a tag to describe the environment, such as prod_us_west_2_cluster.
EDAC This field is the Edge Delta Anomaly Context ID.
Host This field is the hostname of the environment where the agent runs on.
ConfigID This field is the configuration ID for the agent.
MetricName This field is the metric name that causes the anomaly.
Source This field is the identifier name of the source, such as docker container id or file name.
SourceType This field is the source type, such as Docker or system.
SourceAttributes This field is list of source attributes.
Timestamp This field is the timestamp for when an event is triggered.
Epoch This field is the timestamp (in epoch format) for when an event triggered.
CurrentValue This field is the metric current value.
ThresholdValue This field is the threshold value.
ThresholdDescription This field is a detailed threshold description that includes the threshold type, value, etc.
MatchedTerm This field is a sample log message to describe the anomaly event.
ThresholdType This field is the threshold type.
FileGlobPath This field is the file global path.
K8sPodName This field is the Kubernetes pod name.
K8sNamespace This field is the Kubernetes namespace.
K8sControllerKind This field is the Kubernetes controller kind.
K8sContainerName This field is the Kubernetes container name.
K8sContainerImage This field is the Kubernetes container image.
K8sControllerLogicalName This field is the Kubernetes controller logical name.
ECSCluster This field is the ECS cluster name.
ECSContainerName This field is the ECS container name.
ECSTaskVersion This field is the ECS task version.
ECSTaskFamily This field is the ECS task family.
DockerContainerName This field is the Docker container name.

 

The following example displays the use of custom fields:

       notify_content:
         title: "Anomaly Detected: {{.ProcessorDescription}}"
         disable_default_fields: false
         custom_fields:
           "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
           "Current Value": "{{.CurrentValue}}"
           "Threshold Value": "{{.ThresholdValue}}"
           "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
           "Built-in Threshold Description": "{{.ThresholdDescription}}"
           "Matched Term": "{{.MatchedTerm}}"
           "Threshold Type": "{{.ThresholdType}}"
           "File Path": "{{.FileGlobPath}}"
           "K8s PodName": "{{.K8sPodName}}"
           "K8s Namespace": "{{.K8sNamespace}}"
           "K8s ControllerKind": "{{.K8sControllerKind}}"
           "K8s ContainerName": "{{.K8sContainerName}}"
           "K8s ContainerImage": "{{.K8sContainerImage}}"
           "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
           "ECSCluster": "{{.ECSCluster}}"
           "ECSContainerName": "{{.ECSContainerName}}"
           "ECSTaskVersion": "{{.ECSTaskVersion}}"
           "ECSTaskFamily": "{{.ECSTaskFamily}}"
           "DockerContainerName": "{{.DockerContainerName}}"
           "SourceAttributes": "{{.SourceAttributes}}"
           "ConfigID": "{{.ConfigID}}"
           "EDAC": "{{.EDAC}}"
           "Epoch": "{{.Epoch}}"
           "Host": "{{.Host}}"
           "MetricName": "{{.MetricName}}"
           "Source": "{{.Source}}"
           "SourceType": "{{.SourceType}}"
           "Tag": "{{.Tag}}"

The following example displays the uses of advanced_content:

       notify_content:
         title: "Anomaly Detected: {{.ProcessorDescription}}"
         advanced_content: |
           {
             "blocks": [
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
                   "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                 }
               },
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
                   "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                 }
               }
             ]
           }

 

Share this document