Overview
This output types streams notifications and alerts to a specified Slack channel.
Before you begin
To use this output, you must provide a Slack webhook or endpoint URL.
- To learn more about webhooks, review this document from Slack.
Review Parameters
Review the following parameters that you can configure in the Edge Delta App:
Visual Editor | YAML | Description |
Name | name |
Enter a descriptive name for the output or integration. For outputs, this name will be used to map this destination to a workflow. This parameter is required. Review the following example: name: error-anomaly-slack |
Integration | integration_name |
This parameter only appears when you create an individual output. This parameter refers to the organization-level integration created in the Integrations page. If you enter this name, then the rest of the fields will be automatically populated. If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name field. In this situation, the name should be used to refer to the specific instance of the destination in the workflows. This parameter is optional. Review the following example: integration_name: ed-alert-slack |
Endpoint | endpoint |
Enter the Slack Webhook or APP endpoint URL. This parameter is required. Review the following example: endpoint: "<ADD SLACK ENDPOINT>" |
Not applicable | type |
Enter slack. This parameter is required. Review the following example: type: slack |
Suppression Window | suppression_window |
Enter a golang duration string that represents the suppression window. Once the agent detects an issue and notifies the endpoint, the agent will suppress any new issues for this time period. The default value is 20m. This parameter is optional. Review the following example: suppression_window: 30m |
Suppression Mode | suppression_mode |
Enter a suppression mode, which can be local or global. The default mode is local, which indicates that an individual agent suppresses an issue if the agent has already made a local notification for a similar issue in the last suppression window. Global mode indicates that an individual agent checks with the Edge Delta backend to see if there were similar alerts from other sibling agents (agents that share the same tag in the configuration). This parameter is optional. Review the following example: suppression_mode: local |
Title |
notify_content: title: |
Enter a descriptive title for the notification. You can use this parameter to customize the notification content. This parameter supports templating. To learn more, see Review Notify Content Parameters. This parameter is optional. Review the following example: notify_content: title: "Anomaly Detected: {{.ProcessorDescription}}" |
Disable Default Fields |
notify_content: disable_default_fields |
Enter true or false to disable default fields in a notification. If you disable default fields, then Edge Delta recommends that you configure custom headers and custom fields. This parameter is optional. Review the following example: notify_content: disable_default_fields: false |
Custom Headers | custom_headers |
This parameter is used to customize the notification content. If you do not want to use default fields in a notification, then create custom headers and fields. To learn more, see Review Notify Content Parameters. This parameter is optional. Review the following example: custom_headers: X-header1: "test-header" |
Custom Fields | custom_fields |
This parameter is used to customize the notification content. If you do not want to use default fields in a notification, then create custom headers and fields. To learn more, see Review Notify Content Parameters. This parameter is optional. Review the following example: custom_fields: "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}×tamp={{.Timestamp}}" "Current Value": "{{.CurrentValue}}" "Threshold Value": "{{.ThresholdValue}}" |
Payload | advanced_content |
A payload is JSON object that is used to define metadata about the message. In the app, when you click Advanced Mode, you can update a pre-populated JSON file. You are responsible for ensuring the validity of the JSON object. Additionally, configurations you make in Advanced Mode will override all other configurations, including custom_fields, title, and disable_default_fields.
This parameter is optional. Review the following example: advanced_content: | { "blocks": [ { "type": "section", "text": { "type": "mrkdwn", "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*" } }, { "type": "section", "text": { "type": "mrkdwn", "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}" } } ] } |
Review Sample Configuration
The following sample configuration displays an output without the name of the organization-level integration:
- name: error-anomaly-slack
type: slack
endpoint: "<ADD SLACK ENDPOINT>"
suppression_window: 60m
suppression_mode: global
notify_content:
title: "Anomaly Detected: {{.ProcessorDescription}}"
disable_default_fields: false
advanced_content: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
}
}
]
}
custom_fields:
"Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}×tamp={{.Timestamp}}"
"Current Value": "{{.CurrentValue}}"
"Threshold Value": "{{.ThresholdValue}}"
"Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
"Built-in Threshold Description": "{{.ThresholdDescription}}"
"Matched Term": "{{.MatchedTerm}}"
"Threshold Type": "{{.ThresholdType}}"
"File Path": "{{.FileGlobPath}}"
"K8s PodName": "{{.K8sPodName}}"
"K8s Namespace": "{{.K8sNamespace}}"
"K8s ControllerKind": "{{.K8sControllerKind}}"
"K8s ContainerName": "{{.K8sContainerName}}"
"K8s ContainerImage": "{{.K8sContainerImage}}"
"K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
"ECSCluster": "{{.ECSCluster}}"
"ECSContainerName": "{{.ECSContainerName}}"
"ECSTaskVersion": "{{.ECSTaskVersion}}"
"ECSTaskFamily": "{{.ECSTaskFamily}}"
"DockerContainerName": "{{.DockerContainerName}}"
"SourceAttributes": "{{.SourceAttributes}}"
"ConfigID": "{{.ConfigID}}"
"EDAC": "{{.EDAC}}"
"Epoch": "{{.Epoch}}"
"Host": "{{.Host}}"
"MetricName": "{{.MetricName}}"
"Source": "{{.Source}}"
"SourceType": "{{.SourceType}}"
"Tag": "{{.Tag}}"