Slack Trigger Outputs and Integrations

George Alpizar
George Alpizar
  • Updated

Overview

This output types streams notifications and alerts to a specified Slack channel.

Before you begin

To use this output, you must provide a Slack webhook or endpoint URL.


Review Parameters

Review the following parameters that you can configure in the Edge Delta App:

Visual Editor YAML Description
Name name

Enter a descriptive name for the output or integration.

For outputs, this name will be used to map this destination to a workflow.

This parameter is required. 

Review the following example: 

name: error-anomaly-slack
Integration integration_name

This parameter only appears when you create an individual output.

This parameter refers to the organization-level integration created in the Integrations page. If you enter this name, then the rest of the fields will be automatically populated.

If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name field. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.

This parameter is optional. 

Review the following example: 

integration_name: ed-alert-slack
Endpoint endpoint

Enter the Slack Webhook or APP endpoint URL.

This parameter is required. 

Review the following example: 

endpoint: "<ADD SLACK ENDPOINT>"
Not applicable  type

Enter slack.

This parameter is required. 

Review the following example: 

type: slack
Suppression Window suppression_window

Enter a golang duration string that represents the suppression window. Once the agent detects an issue and notifies the endpoint, the agent will suppress any new issues for this time period.

The default value is 20m.

This parameter is optional. 

Review the following example: 

suppression_window: 30m
Suppression Mode suppression_mode

Enter a suppression mode, which can be local or global.

The default mode is local, which indicates that an individual agent suppresses an issue if the agent has already made a local notification for a similar issue in the last suppression window.

Global mode indicates that an individual agent checks with the Edge Delta backend to see if there were similar alerts from other sibling agents (agents that share the same tag in the configuration).

This parameter is optional. 

Review the following example: 

suppression_mode: local
Title

notify_content:

  title:

Enter a descriptive title for the notification. 

You can use this parameter to customize the notification content.

This parameter supports templating.

To learn more, see Review Notify Content Parameters.

This parameter is optional. 

Review the following example: 

notify_content:
  title: "Anomaly Detected: {{.ProcessorDescription}}"
Disable Default Fields 

notify_content:

 disable_default_fields

Enter true or false to disable default fields in a notification.

If you disable default fields, then Edge Delta recommends that you configure custom headers and custom fields. 

This parameter is optional. 

Review the following example: 

notify_content:
  disable_default_fields: false
Custom Headers custom_headers

This parameter is used to customize the notification content.

If you do not want to use default fields in a notification, then create custom headers and fields.

To learn more, see Review Notify Content Parameters.

This parameter is optional. 

Review the following example: 

custom_headers:
  X-header1: "test-header"
Custom Fields custom_fields

This parameter is used to customize the notification content.

If you do not want to use default fields in a notification, then create custom headers and fields.

To learn more, see Review Notify Content Parameters.

This parameter is optional. 

Review the following example: 

custom_fields:
  "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
  "Current Value": "{{.CurrentValue}}"
  "Threshold Value": "{{.ThresholdValue}}"
Payload advanced_content

A payload is JSON object that is used to define metadata about the message.

In the app, when you click Advanced Mode, you can update a pre-populated JSON file. 

You are responsible for ensuring the validity of the JSON object. 

Additionally, configurations you make in Advanced Mode will override all other configurations, including custom_fields, title, and disable_default_fields.

This parameter is optional. 

Review the following example: 

advanced_content: |
          {
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                }
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                }
              }
            ]
          }

Review Sample Configuration

The following sample configuration displays an output without the name of the organization-level integration:

    - name: error-anomaly-slack
      type: slack
      endpoint: "<ADD SLACK ENDPOINT>"
      suppression_window: 60m
      suppression_mode: global
      notify_content:
        title: "Anomaly Detected: {{.ProcessorDescription}}"
        disable_default_fields: false
        advanced_content: |
          {
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                }
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                }
              }
            ]
          }
        custom_fields:
          "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
          "Current Value": "{{.CurrentValue}}"
          "Threshold Value": "{{.ThresholdValue}}"
          "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
          "Built-in Threshold Description": "{{.ThresholdDescription}}"
          "Matched Term": "{{.MatchedTerm}}"
          "Threshold Type": "{{.ThresholdType}}"
          "File Path": "{{.FileGlobPath}}"
          "K8s PodName": "{{.K8sPodName}}"
          "K8s Namespace": "{{.K8sNamespace}}"
          "K8s ControllerKind": "{{.K8sControllerKind}}"
          "K8s ContainerName": "{{.K8sContainerName}}"
          "K8s ContainerImage": "{{.K8sContainerImage}}"
          "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
          "ECSCluster": "{{.ECSCluster}}"
          "ECSContainerName": "{{.ECSContainerName}}"
          "ECSTaskVersion": "{{.ECSTaskVersion}}"
          "ECSTaskFamily": "{{.ECSTaskFamily}}"
          "DockerContainerName": "{{.DockerContainerName}}"
          "SourceAttributes": "{{.SourceAttributes}}"
          "ConfigID": "{{.ConfigID}}"
          "EDAC": "{{.EDAC}}"
          "Epoch": "{{.Epoch}}"
          "Host": "{{.Host}}"
          "MetricName": "{{.MetricName}}"
          "Source": "{{.Source}}"
          "SourceType": "{{.SourceType}}"
          "Tag": "{{.Tag}}"

 

Share this document