VictorOps (Splunk On-Call) Triggering Output and Integration

George Alpizar
George Alpizar
  • Updated

Overview

This output type sends notifications and alerts to a VictorOps endpoint.


Review Sample Configuration 

The following sample configuration displays an output without the name of the organization-level integration:

    - name: victorops-integration
      type: victorops
      endpoint: "https://api.victorops.com/api-public/v1/incidents"
      custom_headers:
        X-VO-Api-Id: "api-id"
        X-VO-Api-Key: "api-key"
      notify_content:
        advanced_content: |
          {
            "summary": "{{ .Title }} - {{ .Message }}",
            "details": "https://admin.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}",
            "userName": "username",
            "targets": [
                {
                    "type": "EscalationPolicy",
                    "slug": "team-xxxxxxx"
                }
            ],
            "isMultiResponder": false
          }

Review Parameters

Review the following parameters that you can configure in the Edge Delta App.


name

Required

Enter a descriptive name for the output or integration.

For outputs, this name will be used to map this destination to a workflow.

Review the following example: 

name: victorops-output

integration_name

Optional

This parameter refers to the organization-level integration created in the Integrations page. 

If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name parameter. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.

Review the following example: 

integration_name: ed-alert-victorops

type

Required 

Enter victorops.

Review the following example: 

type: victorops

endpoint

Required

Enter the VictorOps endpoint.

Review the following example: 

endpoint: "https://api.victorops.com/api-public/v1/incidents"

suppression_window

Optional

Enter a golang duration string that represents the suppression window. Once the agent detects an issue and notifies the endpoint, the agent will suppress any new issues for this time period. The default setting is 20m.

Review the following example: 

suppression_window: 60m

suppression_mode

Optional 

Enter a suppression mode, which can be local or global.

The default mode is local, which indicates that an individual agent suppresses an issue if the agent has already made a local notification for a similar issue in the last suppression window.

Global mode indicates that an individual agent checks with the Edge Delta backend to see if there were similar alerts from other sibling agents (agents that share the same tag in the configuration).

Review the following example: 

suppression_mode: local

custom_headers and custom_fields

Optional 

This parameter is used to customize the notification content.

If you do not want to use default fields in a notification, then you can create custom headers and fields.

To learn more, see Review Notify Content Parameters.

Review the following example:

custom_headers: 
X-VO-Api-Id: "api-id"
X-VO-Api-Key: "api-key"

notify_content: advanced_content

Optional 

A payload is JSON object that is used to define metadata about the message.

You are responsible for ensuring the validity of the JSON object. 

Additionally, configurations you make in this parameter will override all other configurations, including custom_fields, title, and disable_default_fields.

To learn more, see Review Template Values for Trigger Payloads.

Review the following example: 

        advanced_content: |
          {
            "summary": "{{ .Title }} - {{ .Message }}",
            "details": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}",
            "userName": "username",
            "targets": [
                {
                    "type": "EscalationPolicy",
                    "slug": "team-xxxxxxx"
                }
            ],
            "isMultiResponder": false
          }

 


 

Share this document