Trigger Outputs Overview
  • Dark
    Light

Trigger Outputs Overview

  • Dark
    Light

Overview

You can use this document to view supported triggering outputs and integrations.

In the Edge Delta App, when you create an integration or an individual output, similar parameters will display. As a result, this document applies to both outputs and integrations.

Note

To learn how to create an output or integration, see Create and Manage Outputs and Integrations.


Review Supported Trigger Outputs

The Edge Delta App supports the following trigger outputs:

Supported Trigger Outputs
Description

AWS Lambda 

This output type sends notifications and alerts to the specified AWS Lambda FaaS endpoint.

To learn more, see AWS Lambda Triggering Output and Integration.

Azure Event Hubs 

This output type sends notifications and alerts to a specified Event Hub URL.

To learn more, see Azure Event Hubs Triggering Output and Integration.

Azure Functions 

This output type sends notifications and alerts to an Azure endpoint.

To learn more, see Azure Functions Triggering Output and Integration.

Big Panda 

This output type sends notifications and alerts to a specified BigPanda endpoint.

To learn more, see Big Panda Triggering Output and Integration.

Email 

This output type sends notifications and alerts to a specified email address. 

To learn more, see Email Triggering Output and Integration.

Jira 

This output type sends notifications and alerts to a specified Jira webhook URL.

To learn more, see Jira Triggering Output and Integration.

Microsoft Teams

This output type sends notifications and alerts to a specified Teams channel.

To learn more, see Microsoft Teams Triggering Output and Integration.

Moogsoft 

This output type sends notifications and alerts to a specified Moogsoft URL.

To learn more, see Moogsoft Triggering Output and Integration.

Pagerduty 

This output type sends notifications and alerts to a specified Pagerduty API endpoint.

To learn more, see Pagerduty Triggering Output and Integration.

Remedy 

This output type sends notifications and alerts to a specified Remedy URL.

To learn more, see Remedy Triggering Output and Integration.

Service Now 

This output type sends notifications and alerts to a specified Service Now API endpoint.

To learn more, see Service Now Triggering Output and Integration.

Slack

This output type sends notifications and alerts to a specified Slack channel.

To learn more, see Slack Triggering Output and Integration.

VictorOps 

This output type sends notifications and alerts to a VictorOps endpoint.

To learn more, see VictorOps (Splunk On-Call) Triggering Output and Integration.

Webhook 

This output type sends notifications and alerts to a specified Webhook URL.

To learn more, see Webhook Triggering Output and Integration.


Review Notify Content Parameters

For triggering outputs and triggering integrations, the Notify Content parameter is an optional way to customize the notification content for specific triggers.

Review the following subfields:

Subfield in YAML
Description

Title

This field is the title text for the webhook message.

This field can be customized with custom template fields.

disable_default_fields

This field is used to disable default fields in notification messages.

By default, the value is false.

custom_fields

You can extend the notification content by adding name-value pairs, which you can build with the template fields listed below.

To learn more, see Review Custom Fields for notification_content.

advanced_content

This field provides full flexibility to define the payload in notification post requests.

  • Advanced Contentoverrides other settings, such as title, custom fields, etc.
    • Custom templates are also supported in Advanced Content.

To learn more, see Review Template Values for Trigger Payloads.


Review Custom Fields for notification_content

Review the following custom fields for notification_content :

Custom Field
Description

Tag

This field is a tag to describe the environment, such as prod_us_west_2_cluster.

EDAC

This field is the Edge Delta Anomaly Context ID.

Host

This field is the hostname of the environment where the agent runs on.

ConfigID

This field is the configuration ID for the agent.

MetricName

This field is the metric name that causes the anomaly.

Source

This field is the identifier name of the source, such as docker container id or file name.

SourceType

This field is the source type, such as Docker or system.

SourceAttributes

This field is list of source attributes.

Timestamp

This field is the timestamp for when an event is triggered.

Epoch

This field is the timestamp (in epoch format) for when an event triggered.

CurrentValue

This field is the metric current value.

ThresholdValue

This field is the threshold value.

ThresholdDescription

This field is a detailed threshold description that includes the threshold type, value, etc.

MatchedTerm

This field is a sample log message to describe the anomaly event.

ThresholdType

This field is the threshold type.

FileGlobPath

This field is the file global path.

K8sPodName

This field is the Kubernetes pod name.

You can define a path, or you can use a dash to skip a field to decrease cardinality. 

Review the following example: 

k8s_pod_name: "-"

K8sNamespace

This field is the Kubernetes namespace.

Review the following example: 

k8s_container_name: "kubernetes.container.name"

K8sControllerKind

This field is the Kubernetes controller kind.

K8sContainerName

This field is the Kubernetes container name.

Review the following example: 

k8s_controller_logical_name: "kubernetes.controller.name"

K8sContainerImage

This field is the Kubernetes container image.

Review the following example: 

k8s_container_image: "kubernetes.container.image"

K8sControllerLogicalName

This field is the Kubernetes controller logical name.

Review the following example: 

k8s_controller_logical_name: "kubernetes.controller.name"

ECSCluster

This field is the ECS cluster name.

ECSContainerName

This field is the ECS container name.

ECSTaskVersion

This field is the ECS task version.

ECSTaskFamily

This field is the ECS task family.

DockerContainerName

This field is the Docker container name.

The following example displays the use of custom fields:

       notify_content:
         title: "Anomaly Detected: {{.ProcessorDescription}}"
         disable_default_fields: false
         custom_fields:
           "Dashboard": "https://app.edgedelta.com/investigation?edac={{.EDAC}}&timestamp={{.Timestamp}}"
           "Current Value": "{{.CurrentValue}}"
           "Threshold Value": "{{.ThresholdValue}}"
           "Custom Message": "{{.CurrentValue}} exceeds {{.ThresholdValue}}"
           "Built-in Threshold Description": "{{.ThresholdDescription}}"
           "Matched Term": "{{.MatchedTerm}}"
           "Threshold Type": "{{.ThresholdType}}"
           "File Path": "{{.FileGlobPath}}"
           "K8s PodName": "{{.K8sPodName}}"
           "K8s Namespace": "{{.K8sNamespace}}"
           "K8s ControllerKind": "{{.K8sControllerKind}}"
           "K8s ContainerName": "{{.K8sContainerName}}"
           "K8s ContainerImage": "{{.K8sContainerImage}}"
           "K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
           "ECSCluster": "{{.ECSCluster}}"
           "ECSContainerName": "{{.ECSContainerName}}"
           "ECSTaskVersion": "{{.ECSTaskVersion}}"
           "ECSTaskFamily": "{{.ECSTaskFamily}}"
           "DockerContainerName": "{{.DockerContainerName}}"
           "SourceAttributes": "{{.SourceAttributes}}"
           "ConfigID": "{{.ConfigID}}"
           "EDAC": "{{.EDAC}}"
           "Epoch": "{{.Epoch}}"
           "Host": "{{.Host}}"
           "MetricName": "{{.MetricName}}"
           "Source": "{{.Source}}"
           "SourceType": "{{.SourceType}}"
           "Tag": "{{.Tag}}"

The following example displays the uses of advanced_content :

       notify_content:
         title: "Anomaly Detected: {{.ProcessorDescription}}"
         advanced_content: |
           {
             "blocks": [
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
                   "text": "*Raw POST Anomaly Detected: {{.ProcessorDescription}}*"
                 }
               },
               {
                 "type": "section",
                 "text": {
                   "type": "mrkdwn",
                   "text": "*MatchedTerm* {{.MatchedTerm}}\n*ConfigID* {{.ConfigID}}"
                 }
               }
             ]
           }

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.