Edge Delta Slack Output

Send alerts to Slack using a node.

  3 minute read  

Beta

Overview

The Slack Output node sends triggered signals to Slack.

Example Configuration

nodes:
  - name: my_slack
    type: slack_output
    endpoint: <REDACTED>
    suppression_window: 30m
    suppression_mode: global

Required Parameters

name

A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the yaml using the name. It must be unique across all nodes. It is a yaml list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: slack_output

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

endpoint

The endpoint URL is a Slack webhook you configure in Slack. It is specified as a string and is optional.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>

Optional Parameters

message

The message parameter is a customization of the notification message. It is specified as a string and is optional.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    message: <custom message>

message_fields

The message_fields parameter is a list of fields from the item to be attached to the message as key-value pairs. They are specified as list items and are optional.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    message_fields: 
        <key value pairs>

notify_content

The notify_content parameter is only used if use_legacy_formatting: true. See legacy Slack configuration.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    use_legacy_formatting: true
    notify_content:
      title: "<message title>"
      disable_default_fields: true | false
      advanced_content: |
        <JSON content>        
      custom_fields:
        "<custom key>": "<custom value>"

suppression_mode

The suppression_mode parameter can be

  • local: suppression of same source+rule from this agent (default)
  • global: suppression of same source+rule from any agent that shares the same tag/config ID.

It is specified as a string and is optional.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    suppression_mode: local | global

suppression_window

The suppression_window parameter specifies the duration to not send duplicate alerts. It is specified as a duration and is optional.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    suppression_window:

title

The title parameter customizes the slack title. It is specified as a string and is optional.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    title: <title customization>

use_legacy_formatting

The use_legacy_formatting parameter tries to match agent v2 output. It enables the legacy notify_content parameter.

nodes:
  - name: <node name>
    type: slack_output
    endpoint: <REDACTED>
    use_legacy_formatting: true
    notify_content:
      title: "<message title>"
      disable_default_fields: true | false
      advanced_content: |
        <JSON content>        
      custom_fields:
        "<custom key>": "<custom value>"