Merge pull request #3 from Logitech/feat-custom-slack-alert

Slack Custom Alerter
Logitech · Jul 3, 2020 · 3122273 · 3122273
2 parents 84444ad + 8934886
commit 3122273
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 25 deletions.
diff --git a/elastalert_modules/slack_custom_alert.py b/elastalert_modules/slack_custom_alert.py
@@ -0,0 +1,104 @@
+import requests
+import json
+
+from requests.exceptions import RequestException
+
+from elastalert.alerts import Alerter, BasicMatchString
+from elastalert.util import elastalert_logger
+from elastalert.util import EAException
+
+class SlackCustomAlert(Alerter):
+    # By setting required_options to a set of strings
+    # You can ensure that the rule config file specifies all
+    # of the options. Otherwise, ElastAlert will throw an exception
+    # when trying to load the rule.
+    required_options = set(['slack_webhook_url'])
+
+    def __init__(self, rule):
+        super(SlackCustomAlert, self).__init__(rule)
+        self.slack_webhook_url = self.rule['slack_webhook_url']
+        self.slack_title = self.rule.get('slack_title', '')
+
+    # Alert is called
+    def alert(self, matches):
+
+        # Matches is a list of match dictionaries.
+        # It contains more than one match when the alert has
+        # the aggregation option set
+        for match in matches:
+            elastalert_logger.info("Received match %s" % (match))
+            # post to slack
+            headers = {'content-type': 'application/json'}
+            payload ={
+               "blocks":[
+                  {
+                     "type":"section",
+                     "block_id": "alarm_title",
+                     "text":{
+                        "type":"mrkdwn",
+                        "text":"*{slack_title}*".format(slack_title = self.slack_title)
+                     }
+                  },
+                  {
+                     "type":"section",
+                     "block_id": "alarm_text_args",
+                     "fields":[
+                        {
+                           "type":"mrkdwn",
+                           "text":"*Application:*\n{instance}".format(instance = match['instance-tag'])
+                        },
+                        {
+                           "type":"mrkdwn",
+                           "text":"*Time in IST:*\n{ist}".format(ist = match['@timestamp-ist'])
+                        },
+                        {
+                           "type":"mrkdwn",
+                           "text":"*Time in CST:*\n{cst}".format(cst = match['@timestamp-cst'])
+                        },
+                        {
+                           "type":"mrkdwn",
+                           "text":"*Time in UTC00Z:*\n{timestamp}".format(timestamp = match['@timestamp'])
+                        }
+                     ]
+                  },
+                  {
+                     "type":"actions",
+                     "block_id": "alarm_action",
+                     "elements":[
+                        {
+                           "type":"button",
+                           "text":{
+                              "type":"plain_text",
+                              "emoji":True,
+                              "text":"View Kibana Dashboard"
+                           },
+                           "style":"primary",
+                           "url":"https://elk.it.logitech.com:5601/app/kibana#/dashboard/35aa4fd0-b0b3-11ea-833d-fde9206e58f3?_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A2000)%2Ctime%3A(from%3Anow-15d%2Cto%3Anow))"
+                        },
+                        {
+                           "type":"button",
+                           "text":{
+                              "type":"plain_text",
+                              "emoji":True,
+                              "text":"Send Incident Response"
+                           },
+                           "style":"primary",
+                           "value":"submit_incident_response"
+                        }
+                     ]
+                  }
+               ]
+            }
+            try:
+                response = requests.post(
+                    self.slack_webhook_url, data=json.dumps(payload),
+                    headers=headers)
+                response.raise_for_status()
+            except RequestException as e:
+                raise EAException("Error posting to slack: %s" % e)
+
+        elastalert_logger.info("Alert '%s' sent to Slack" % self.rule['name'])
+
+
+    def get_info(self):
+        return {'type': 'slack'}
diff --git a/elastalert_modules/tst_ist_tz_enhancement.py b/elastalert_modules/tst_ist_tz_enhancement.py
@@ -27,6 +27,5 @@ def process(self, match):
         ist_tz_str = pretty_ts(ist_tz, False)
         tst_tz_str = pretty_ts(tst_tz, False)
 
-        tz_str = ist_tz_str + " Or " + tst_tz_str
-
-        match['@timestamp'] = tz_str
+        match['@timestamp-ist'] = ist_tz_str
+        match['@timestamp-cst'] = tst_tz_str
diff --git a/infra-rules/application_critical_uptime_monitor.yaml b/infra-rules/application_critical_uptime_monitor.yaml
@@ -35,16 +35,7 @@ match_enhancements:
 
 # (Required)
 # The alert is use when a match is found
-alert:
-- slack
+alert: "elastalert_modules.slack_custom_alert.SlackCustomAlert"
 
-alert_subject: "CSAD IT - Critical Instance Application Health Monitoring Alarm"
-alert_text: "The Application {0} is unhealthy and reporting Downtime during {1}"
-alert_text_type: alert_text_only
-alert_text_args: ["instance-tag", "@timestamp"]
-
-
-slack:
-slack_webhook_url: "<slack-webhook>"
+slack_webhook_url: ""
 slack_title: "CSAD IT - Critical Instance Application Health Monitoring Alarm"
-slack_title_link: "https://elk.it.logitech.com:5601/app/kibana#/dashboard/35aa4fd0-b0b3-11ea-833d-fde9206e58f3"
diff --git a/infra-rules/application_uptime_non_critical_monitor.yaml b/infra-rules/application_uptime_non_critical_monitor.yaml
@@ -35,16 +35,7 @@ filter:
 
 # (Required)
 # The alert is use when a match is found
-alert:
-- slack
+alert: "elastalert_modules.slack_custom_alert.SlackCustomAlert"
 
-alert_subject: "CSAD IT - Non Critical Instance Application Health Monitoring Alarm"
-alert_text: "The Application {0} is unhealthy and reporting Downtime during {1}"
-alert_text_type: alert_text_only
-alert_text_args: ["instance-tag", "@timestamp"]
-
-
-slack:
-slack_webhook_url: "<slack-webhook>"
+slack_webhook_url: ""
 slack_title: "CSAD IT - Non Critical Instance Application Health Monitoring Alarm"
-slack_title_link: "https://elk.it.logitech.com:5601/app/kibana#/dashboard/35aa4fd0-b0b3-11ea-833d-fde9206e58f3"