Overview
This output type sends notifications and alerts to a specified Slack channel.
Before you begin
To use this output, you must have a Slack webhook or endpoint URL available.
- To learn more about webhooks, review this document from Slack.
Review Sample Configuration
The following sample configuration displays an output without the name of the organization-level integration:
- name: error-anomaly-slack
  type: slack
  endpoint: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  suppression_window: 60m
  suppression_mode: global
  notify_content:
    title: "Anomaly Detected: {{.ProcessorDescription}}"
    disable_default_fields: false
    advanced_content: |
      {
        "blocks": [
          {
            "type": "section",
            "text": {
              "type": "mrkdwn",
              "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
            }
          },
          {
            "type": "section",
            "text": {
              "type": "mrkdwn",
              "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
            }
          }
        ]
      }
    custom_fields:
      "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
      "Current Value": "{{.CurrentValue}}"
      "Threshold Value": "{{.ThresholdValue}}"
      "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
      "Built-in Threshold Description": "{{.ThresholdDescription}}"
      "Matched Term": "{{.MatchedTerm}}"
      "Threshold Type": "{{.ThresholdType}}"
      "File Path": "{{.FileGlobPath}}"
      "K8s PodName": "{{.K8sPodName}}"
      "K8s Namespace": "{{.K8sNamespace}}"
      "K8s ControllerKind": "{{.K8sControllerKind}}"
      "K8s ContainerName": "{{.K8sContainerName}}"
      "K8s ContainerImage": "{{.K8sContainerImage}}"
      "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
      "ECSCluster": "{{.ECSCluster}}"
      "ECSContainerName": "{{.ECSContainerName}}"
      "ECSTaskVersion": "{{.ECSTaskVersion}}"
      "ECSTaskFamily": "{{.ECSTaskFamily}}"
      "DockerContainerName": "{{.DockerContainerName}}"
      "SourceAttributes": "{{.SourceAttributes}}"
      "ConfigID": "{{.ConfigID}}"
      "EDAC": "{{.EDAC}}"
      "Epoch": "{{.Epoch}}"
      "Host": "{{.Host}}"
      "MetricName": "{{.MetricName}}"
      "Source": "{{.Source}}"
      "SourceType": "{{.SourceType}}"
      "Tag": "{{.Tag}}"
Review Parameters
Review the following parameters that you can configure in the Edge Delta App, specifically in a YAML file.
name
Required
Enter a descriptive name for the output or integration.
For outputs, this name will be used to map this destination to a workflow.
Review the following example:
name: error-anomaly-slack
integration_name
Optional
This parameter refers to the organization-level integration created in the Integrations page.
If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name parameter. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.
Review the following example:
integration_name: ed-alert-slack
endpoint
Required
Enter the Slack webhook or app endpoint URL.
Review the following example:
endpoint: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
type
Required
Enter slack.
Review the following example:
type: slack
suppression_window
Optional
Enter a golang duration string that represents the suppression window. Once the agent detects an issue and notifies the endpoint, the agent will suppress any new issues during this time period.
The default value is 20m.
Review the following example:
suppression_window: 30m
suppression_mode
Optional
Enter a suppression mode, which can be local or global.
The default mode is local, which indicates that an individual agent will suppress an issue if the agent has already made a local notification for a similar issue within the last suppression window.
Global mode indicates that an individual agent will check with the Edge Delta backend to see if there were similar alerts from other sibling agents.
Note
Sibling agents are agents that share the same tag in the configuration.
Review the following example:
suppression_mode: local
notify_content: title
Optional
Enter a descriptive title for the notification.
You can use this parameter to customize the notification content.
This parameter supports templating.
To learn more, see Review Notify Content Parameters.
Review the following example:
notify_content:
  title: "Anomaly Detected: {{.ProcessorDescription}}"
notify_content: disable_default_fields
Enter true or false to disable default fields in a notification.
If you disable the default fields, then we recommend that you configure custom headers and custom fields.
Review the following example:
notify_content:
  disable_default_fields: false
custom_headers
Optional
This parameter is used to customize the notification content.
If you do not want to use the default fields in the notification, then you can create custom headers and fields.
To learn more, see Review Notify Content Parameters.
Review the following example:
custom_headers:
  X-header1: "test-header"
custom_fields
Optional
This parameter is used to customize the notification content.
If you do not want to use the default fields in the notification, then you can create custom headers and fields.
To learn more, see Review Notify Content Parameters.
Review the following example:
custom_fields:
  "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
  "Current Value": "{{.CurrentValue}}"
  "Threshold Value": "{{.ThresholdValue}}"
advanced_content
Optional
A payload is a JSON object that is used to define metadata in the message.
You are responsible for ensuring the validity of the JSON object.
Additionally, configurations you make with this parameter will override all other configurations, including custom_fields, title, and disable_default_fields.
- To learn more, see Review Template Values for Trigger Payloads.
- Additionally, you can review this document from Slack.
Review the following example:
advanced_content: |
  {
    "blocks": [
      {
        "type": "section",
        "text": {
          "type": "mrkdwn",
          "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
        }
      },
      {
        "type": "section",
        "text": {
          "type": "mrkdwn",
          "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
        }
      }
    ]
  }
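Because the validity of the advanced_content JSON is your responsibility, the following added example (not Edge Delta code) renders the sample payload with constructed values and checks that the result is still valid JSON; it also checks that suppression_window parses as a Go duration. It assumes template values are substituted as plain text, as Go's text/template does; RenderAndValidate and CheckWindow are hypothetical helper names.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
	"time"
)

// advancedContent is the payload from the sample configuration on this page.
const advancedContent = `{
  "blocks": [
    {"type": "section", "text": {"type": "mrkdwn", "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"}},
    {"type": "section", "text": {"type": "mrkdwn", "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"}}
  ]
}`

// RenderAndValidate fills the template with sample values (assumption: plain
// text substitution, no JSON escaping) and reports whether the rendered
// payload is still valid JSON. Unknown template fields are treated as errors.
func RenderAndValidate(tmpl string, values map[string]string) error {
	t, err := template.New("payload").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return fmt.Errorf("template syntax: %w", err)
	}
	var out bytes.Buffer
	if err := t.Execute(&out, values); err != nil {
		return fmt.Errorf("template execute: %w", err)
	}
	if !json.Valid(out.Bytes()) {
		return fmt.Errorf("rendered payload is not valid JSON: %s", out.String())
	}
	return nil
}

// CheckWindow verifies that a suppression_window value is a Go duration string.
func CheckWindow(s string) (time.Duration, error) { return time.ParseDuration(s) }

func main() {
	// Constructed sample values, not real agent output.
	plain := map[string]string{"ProcessorDescription": "error-rate", "MatchedTerm": "timeout", "ConfigID": "cfg-123"}
	quoted := map[string]string{"ProcessorDescription": "error-rate", "MatchedTerm": `level="error"`, "ConfigID": "cfg-123"}
	fmt.Println("plain term: ", RenderAndValidate(advancedContent, plain))
	fmt.Println("quoted term:", RenderAndValidate(advancedContent, quoted))
	d, err := CheckWindow("60m")
	fmt.Println("suppression_window:", d, err)
}
```

Under that assumption, a matched term containing a double quote breaks the payload, so test templates with the kinds of values your logs actually produce.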