VictorOps (Splunk On-Call) Triggering Output and Integration

George Alpizar
George Alpizar
  • Updated

Overview

This output type sends notifications and alerts to a VictorOps endpoint.


Review Parameters

Review the following parameters that you can configure in the Edge Delta App:

YAML Description
name

Enter a descriptive name for the output or integration.

For outputs, this name will be used to map this destination to a workflow.

This parameter is required. 

Review the following example: 

name: victorops-output
integration_name

This parameter only appears when you create an individual output.

This parameter refers to the organization-level integration created in the Integrations page. If you enter this name, then the rest of the fields will be automatically populated.

If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name field. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.

This parameter is optional. 

Review the following example: 

integration_name: ed-alert-victorops
type

Enter victorops.

This parameter is required. 

Review the following example: 

type: victorops
endpoint

Enter the VictorOps endpoint.

This parameter is required. 

Review the following example: 

endpoint: "https://api.victorops.com/api-public/v1/incidents"
suppression_window

Enter a golang duration string that represents the suppression window. Once the agent detects an issue and notifies the endpoint, the agent will suppress any new issues for this time period. The default setting is 20m.

This parameter is optional. 

Review the following example: 

test
suppression_mode

Enter a suppression mode, which can be local or global.

The default mode is local, which indicates that an individual agent suppresses an issue if the agent has already made a local notification for a similar issue in the last suppression window.

Global mode indicates that an individual agent checks with the Edge Delta backend to see if there were similar alerts from other sibling agents (agents that share the same tag in the configuration).

This parameter is optional. 

Review the following example: 

suppression_mode: local
custom_headers and custom_fields

This parameter is used to customize the notification content.

If you do not want to use default fields in a notification, then you can create custom headers and fields.

To learn more, see Review Notify Content Parameters.

This parameter is optional. 

Review the following example:

custom_headers: 
X-VO-Api-Id: "api-id"
X-VO-Api-Key: "api-key"

notify_content:

 advanced_content

A payload is JSON object that is used to define metadata about the message.

In the app, when you click Advanced Mode, you can update a pre-populated JSON file. 

You are responsible for ensuring the validity of the JSON object. 

Additionally, configurations you make in Advanced Mode will override all other configurations, including custom_fields, title, and disable_default_fields.

To learn more, see Review Template Values for Trigger Payloads.

This parameter is optional. 

Review the following example: 

        advanced_content: |
          {
            "summary": "{{ .Title }} - {{ .Message }}",
            "details": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}",
            "userName": "username",
            "targets": [
                {
                    "type": "EscalationPolicy",
                    "slug": "team-xxxxxxx"
                }
            ],
            "isMultiResponder": false
          }

Review Sample Configuration 

The following sample configuration displays an output without the name of the organization-level integration:

    - name: victorops-integration
      type: victorops
      endpoint: "https://api.victorops.com/api-public/v1/incidents"
      custom_headers:
        X-VO-Api-Id: "api-id"
        X-VO-Api-Key: "api-key"
      notify_content:
        advanced_content: |
          {
            "summary": "{{ .Title }} - {{ .Message }}",
            "details": "https://admin.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}",
            "userName": "username",
            "targets": [
                {
                    "type": "EscalationPolicy",
                    "slug": "team-xxxxxxx"
                }
            ],
            "isMultiResponder": false
          }

 

Share this document