Edge Delta Slack Output

Trigger data to Slack.


Overview

This output type sends notifications and alerts to a specified Slack channel.

To use this output, you must provide a Slack webhook or endpoint URL. To learn more about webhooks, review this document from Slack.

Example

    - name: error-anomaly-slack
      type: slack
      endpoint: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
      suppression_window: 60m
      suppression_mode: global
      notify_content:
        title: "Anomaly Detected: {{.ProcessorDescription}}"
        disable_default_fields: false
        advanced_content: |
          {
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                }
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                }
              }
            ]
          }
        custom_fields:
          "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
          "Current Value": "{{.CurrentValue}}"
          "Threshold Value": "{{.ThresholdValue}}"
          "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
          "Built-in Threshold Description": "{{.ThresholdDescription}}"
          "Matched Term": "{{.MatchedTerm}}"
          "Threshold Type": "{{.ThresholdType}}"
          "File Path": "{{.FileGlobPath}}"
          "K8s PodName": "{{.K8sPodName}}"
          "K8s Namespace": "{{.K8sNamespace}}"
          "K8s ControllerKind": "{{.K8sControllerKind}}"
          "K8s ContainerName": "{{.K8sContainerName}}"
          "K8s ContainerImage": "{{.K8sContainerImage}}"
          "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
          "ECSCluster": "{{.ECSCluster}}"
          "ECSContainerName": "{{.ECSContainerName}}"
          "ECSTaskVersion": "{{.ECSTaskVersion}}"
          "ECSTaskFamily": "{{.ECSTaskFamily}}"
          "DockerContainerName": "{{.DockerContainerName}}"
          "SourceAttributes": "{{.SourceAttributes}}"
          "ConfigID": "{{.ConfigID}}"
          "EDAC": "{{.EDAC}}"
          "Epoch": "{{.Epoch}}"
          "Host": "{{.Host}}"
          "MetricName": "{{.MetricName}}"
          "Source": "{{.Source}}"
          "SourceType": "{{.SourceType}}"
          "Tag": "{{.Tag}}"

Parameters

name

Required

Enter a descriptive name for the output or integration.

For outputs, this name will be used to map this destination to a workflow.

name: error-anomaly-slack

integration_name

Optional

This parameter refers to the organization-level integration created in the Integrations page.

If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name parameter. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.

integration_name: ed-alert-slack

endpoint

Required

Enter the Slack webhook or app endpoint URL.

endpoint: https://hooks.slack.com/services/T00000/B00000/XXXXXXX

type: slack

Required

Enter slack.

type: slack

suppression_window

Optional

Enter a Go duration string that represents the suppression window. Once the agent detects an issue and notifies the endpoint, the agent will suppress any new issues for this time period.

The default value is 20m.

suppression_window: 30m

suppression_mode

Optional

Enter a suppression mode, which can be local or global.

The default mode is local, which indicates that an individual agent suppresses an issue if the agent has already made a local notification for a similar issue in the last suppression window.

Global mode indicates that an individual agent checks with the Edge Delta backend to see if there were similar alerts from other sibling agents (agents that share the same tag in the configuration).

Note: Sibling agents are agents that share the same tag in the configuration.

suppression_mode: local

notify_content: title

Optional

Enter a descriptive title for the notification.

You can use this parameter to customize the notification content.

This parameter supports templating.

notify_content:
  title: "Anomaly Detected: {{.ProcessorDescription}}"

notify_content: disable_default_fields

Enter true to disable default fields in a notification, or false to keep them.

If you disable default fields, then we recommend that you configure custom headers and custom fields.

notify_content:
  disable_default_fields: false

custom_headers

Optional

This parameter is used to customize the notification content.

If you do not want to use default fields in a notification, then create custom headers and fields.

custom_headers:
  X-header1: "test-header"

custom_fields

Optional

This parameter is used to customize the notification content.

If you do not want to use default fields in a notification, then create custom headers and fields.

custom_fields:
  "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
  "Current Value": "{{.CurrentValue}}"
  "Threshold Value": "{{.ThresholdValue}}"

advanced_content

Optional

A payload is a JSON object that is used to define metadata about the message.

You are responsible for ensuring the validity of the JSON object.

Additionally, configurations you make with this parameter will override all other configurations, including custom_fields, title, and disable_default_fields.

advanced_content: |
          {
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                }
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                }
              }
            ]
          }
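
Because the validity of the advanced_content JSON is your responsibility, it helps to render the payload with sample values before deploying it. The following Go program is an added example, not Edge Delta code: it assumes the template variables are substituted verbatim, as Go's text/template does (this page does not say whether the agent escapes values), and the function name and sample values are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// advancedContent is the payload from the example config (whitespace condensed).
const advancedContent = `{"blocks": [
  {"type": "section", "text": {"type": "mrkdwn",
    "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"}},
  {"type": "section", "text": {"type": "mrkdwn",
    "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"}}
]}`

// RenderAndCheck substitutes vars into tmpl verbatim (an assumption about the
// agent) and verifies that the result is a JSON object with a non-empty
// "blocks" array. A variable missing from vars is reported as an error.
func RenderAndCheck(tmpl string, vars map[string]string) (string, error) {
	t, err := template.New("advanced_content").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return "", fmt.Errorf("template: %w", err)
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, vars); err != nil {
		return "", fmt.Errorf("render: %w", err)
	}
	var payload struct {
		Blocks []json.RawMessage `json:"blocks"`
	}
	if err := json.Unmarshal(buf.Bytes(), &payload); err != nil {
		return buf.String(), fmt.Errorf("invalid JSON after substitution: %w", err)
	}
	if len(payload.Blocks) == 0 {
		return buf.String(), fmt.Errorf(`payload has no "blocks" entries`)
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample values; MatchedTerm mimics a log fragment with quotes.
	vars := map[string]string{"ProcessorDescription": "error-monitor",
		"MatchedTerm": `user="admin"`, "ConfigID": "cfg-0000"}
	_, err := RenderAndCheck(advancedContent, vars)
	fmt.Println("quoted value:", err)
}
```

Values such as MatchedTerm come from log data, so test with samples that contain double quotes, backslashes and line breaks, not only clean strings.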