Trigger Outputs and Integrations Overview

George Alpizar

Overview

Use this document to understand the parameters for trigger outputs and integrations.

In the Edge Delta App, similar parameters are displayed whether you create an integration or an individual output. As a result, this document applies to both outputs and integrations.

Note

To learn how to create an output or integration, see Create and Manage Outputs and Integrations.


Review Supported Archive Outputs

The Edge Delta App supports the following archive outputs:

Supported Trigger Outputs Description

AWS Lambda

This output streams notifications and alerts to the specified AWS Lambda FaaS endpoint.

To learn more, see AWS Lambda Trigger Outputs and Integrations.

Azure Event Hubs

This output type streams notifications and alerts to a specified Event Hub URL.

To learn more, see Azure Event Hubs Trigger Outputs and Integrations.

Azure Functions

This output type streams notifications and alerts to an Azure endpoint.

To learn more, see Azure Functions Trigger Outputs and Integrations.

Big Panda

This output type streams notifications and alerts to a specified BigPanda endpoint.

To learn more, see Big Panda Trigger Outputs and Integrations.

Email 

This output type streams notifications and alerts to a specified email address. 

To learn more, see Email Trigger Outputs and Integrations.

Jira

This output type streams notifications and alerts to a specified Jira webhook URL.

To learn more, see Jira Trigger Outputs and Integrations.

Microsoft Teams

This output type streams notifications and alerts to a specified Teams channel.

To learn more, see Microsoft Teams Trigger Outputs and Integrations.

Moogsoft

This output type streams notifications and alerts to a specified Moogsoft URL.

To learn more, see Moogsoft Trigger Output and Integration.

Pagerduty

This output type streams notifications and alerts to a specified Pagerduty API endpoint.

To learn more, see Pagerduty Trigger Outputs and Integrations.

Remedy

This output type streams notifications and alerts to a specified Remedy URL.

To learn more, see Remedy Trigger Outputs and Integrations.

Service Now

This output type streams notifications and alerts to a specified Service Now API endpoint.

To learn more, see Service Now Trigger Outputs and Integrations.

Slack

This output type streams notifications and alerts to a specified Slack channel.

To learn more, see Slack Trigger Outputs and Integrations.

VictorOps

This output type streams notifications and alerts to a VictorOps endpoint.

To learn more, see VictorOps (Splunk On-Call) Trigger Outputs and Integrations.

Webhook

This output type streams notifications and alerts to a specified Webhook URL.

To learn more, see Webhook Trigger Outputs and Integrations.

 


Review Notify Content Parameters 

For triggering outputs and triggering integrations, the Notify Content parameter is an optional way to customize the notification content for specific triggers.

Review the following subfields:

Subfield in YAML Description
Title

This field is the title text for the webhook message.

This field can be customized with custom template fields.

disable_default_fields

This field is used to disable default fields in notification messages.

By default, the value is false.

custom_fields

You can extend the notification content by adding name-value pairs, which you can build with the template fields listed below.

To learn more, see Review Custom Fields for notification_content.

advanced_content

This field provides full flexibility to define the payload in notification post requests.

  • Advanced Content overrides other settings, such as title, custom fields, etc.
    • Custom templates are also supported in Advanced Content.

To learn more, see Review Template Values for Trigger Payloads.

 


Review Custom Fields for notification_content

Review the following custom fields for notification_content:  

Custom Field Description
Tag This field is a tag to describe the environment, such as prod_us_west_2_cluster.
EDAC This field is the Edge Delta Anomaly Context ID.
Host This field is the hostname of the environment where the agent runs.
ConfigID This field is the configuration ID for the agent.
MetricName This field is the metric name that causes the anomaly.
Source This field is the identifier name of the source, such as a Docker container ID or file name.
SourceType This field is the source type, such as Docker or system.
SourceAttributes This field is a list of source attributes.
Timestamp This field is the timestamp for when an event is triggered.
Epoch This field is the timestamp (in epoch format) for when an event is triggered.
CurrentValue This field is the current value of the metric.
ThresholdValue This field is the threshold value.
ThresholdDescription This field is a detailed threshold description that includes the threshold type, value, etc.
MatchedTerm This field is a sample log message to describe the anomaly event.
ThresholdType This field is the threshold type.
FileGlobPath This field is the file glob path.
K8sPodName This field is the Kubernetes pod name.
K8sNamespace This field is the Kubernetes namespace.
K8sControllerKind This field is the Kubernetes controller kind.
K8sContainerName This field is the Kubernetes container name.
K8sContainerImage This field is the Kubernetes container image.
K8sControllerLogicalName This field is the Kubernetes controller logical name.
ECSCluster This field is the ECS cluster name.
ECSContainerName This field is the ECS container name.
ECSTaskVersion This field is the ECS task version.
ECSTaskFamily This field is the ECS task family.
DockerContainerName This field is the Docker container name.

 

The following example displays the use of custom fields:

       notify_content:
         title: "Anomaly Detected: {{.ProcessorDescription}}"
         disable_default_fields: false
         custom_fields:
           "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
           "Current Value": "{{.CurrentValue}}"
           "Threshold Value": "{{.ThresholdValue}}"
           "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
           "Built-in Threshold Description": "{{.ThresholdDescription}}"
           "Matched Term": "{{.MatchedTerm}}"
           "Threshold Type": "{{.ThresholdType}}"
           "File Path": "{{.FileGlobPath}}"
           "K8s PodName": "{{.K8sPodName}}"
           "K8s Namespace": "{{.K8sNamespace}}"
           "K8s ControllerKind": "{{.K8sControllerKind}}"
           "K8s ContainerName": "{{.K8sContainerName}}"
           "K8s ContainerImage": "{{.K8sContainerImage}}"
           "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
           "ECSCluster": "{{.ECSCluster}}"
           "ECSContainerName": "{{.ECSContainerName}}"
           "ECSTaskVersion": "{{.ECSTaskVersion}}"
           "ECSTaskFamily": "{{.ECSTaskFamily}}"
           "DockerContainerName": "{{.DockerContainerName}}"
           "SourceAttributes": "{{.SourceAttributes}}"
           "ConfigID": "{{.ConfigID}}"
           "EDAC": "{{.EDAC}}"
           "Epoch": "{{.Epoch}}"
           "Host": "{{.Host}}"
           "MetricName": "{{.MetricName}}"
           "Source": "{{.Source}}"
           "SourceType": "{{.SourceType}}"
           "Tag": "{{.Tag}}"

The following example shows the use of advanced_content:

       notify_content:
         title: "Anomaly Detected: {{.ProcessorDescription}}"
         advanced_content: |
           {
             "blocks": [
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
                   "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                 }
               },
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
                   "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                 }
               }
             ]
           }
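
A local check for a payload template like the one above, added here as an example (not Edge Delta's code): it renders one block with Go's text/template, which uses the same {{.Field}} syntax, and tests whether the result still parses as JSON when MatchedTerm, a sample log message, holds quotes and a backslash. How the agent itself escapes values is not stated on this page; plain substitution is an assumption, and jsonEscape, render, textOf and the sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// block is the second section of the page's advanced_content example, on one line.
const block = `{"type":"section","text":{"type":"mrkdwn","text":"*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"}}`

// sample is constructed: a log line carrying quotes and a backslash.
var sample = map[string]string{"MatchedTerm": `login failed for "admin" from C:\temp`, "ConfigID": "cfg-example"}

// jsonEscape returns s escaped for use inside a JSON string literal.
func jsonEscape(s string) string {
	b, _ := json.Marshal(s) // marshaling a string cannot fail
	return string(b[1 : len(b)-1])
}

// render fills block by plain substitution (assumed); escape JSON-escapes each value first.
func render(fields map[string]string, escape bool) (string, error) {
	t := template.Must(template.New("payload").Parse(block))
	data := map[string]string{}
	for k, v := range fields {
		if escape {
			v = jsonEscape(v)
		}
		data[k] = v
	}
	var out bytes.Buffer
	err := t.Execute(&out, data)
	return out.String(), err
}

// textOf parses a rendered block as a receiver would; ok is false on invalid JSON.
func textOf(payload string) (text string, ok bool) {
	var p struct{ Text struct{ Text string } }
	err := json.Unmarshal([]byte(payload), &p)
	return p.Text.Text, err == nil
}

func main() {
	for _, esc := range []bool{false, true} {
		s, _ := render(sample, esc)
		text, ok := textOf(s)
		fmt.Printf("escape=%v validJSON=%v text=%q\n", esc, ok, text)
	}
}
```

Running the same check against a test webhook endpoint with log lines that contain quotes shows how the deployed agent actually behaves before the template goes to production.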

 

