diff --git a/elastalert_modules/slack_custom_alert.py b/elastalert_modules/slack_custom_alert.py
new file mode 100644
index 000000000..84ad6404c
--- /dev/null
+++ b/elastalert_modules/slack_custom_alert.py
@@ -0,0 +1,104 @@
+import requests
+import json
+
+from requests.exceptions import RequestException
+
+from elastalert.alerts import Alerter, BasicMatchString
+from elastalert.util import elastalert_logger
+from elastalert.util import EAException
+
+class SlackCustomAlert(Alerter):
+ # By setting required_options to a set of strings
+ # You can ensure that the rule config file specifies all
+ # of the options. Otherwise, ElastAlert will throw an exception
+ # when trying to load the rule.
+ required_options = set(['slack_webhook_url'])
+
+ def __init__(self, rule):
+ super(SlackCustomAlert, self).__init__(rule)
+ self.slack_webhook_url = self.rule['slack_webhook_url']
+ self.slack_title = self.rule.get('slack_title', '')
+
+ # Alert is called
+ def alert(self, matches):
+
+ # Matches is a list of match dictionaries.
+ # It contains more than one match when the alert has
+ # the aggregation option set
+ for match in matches:
+ elastalert_logger.info("Received match %s" % (match))
+ # post to slack
+ headers = {'content-type': 'application/json'}
+ payload ={
+ "blocks":[
+ {
+ "type":"section",
+ "block_id": "alarm_title",
+ "text":{
+ "type":"mrkdwn",
+ "text":"*{slack_title}*".format(slack_title = self.slack_title)
+ }
+ },
+ {
+ "type":"section",
+ "block_id": "alarm_text_args",
+ "fields":[
+ {
+ "type":"mrkdwn",
+ "text":"*Application:*\n{instance}".format(instance = match['instance-tag'])
+ },
+ {
+ "type":"mrkdwn",
+ "text":"*Time in IST:*\n{ist}".format(ist = match['@timestamp-ist'])
+ },
+ {
+ "type":"mrkdwn",
+ "text":"*Time in CST:*\n{cst}".format(cst = match['@timestamp-cst'])
+ },
+ {
+ "type":"mrkdwn",
+ "text":"*Time in UTC00Z:*\n{timestamp}".format(timestamp = match['@timestamp'])
+ }
+ ]
+ },
+ {
+ "type":"actions",
+ "block_id": "alarm_action",
+ "elements":[
+ {
+ "type":"button",
+ "text":{
+ "type":"plain_text",
+ "emoji":True,
+ "text":"View Kibana Dashboard"
+ },
+ "style":"primary",
"url":"https://elk.it.logitech.com:5601/app/kibana#/dashboard/35aa4fd0-b0b3-11ea-833d-fde9206e58f3?_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A2000)%2Ctime%3A(from%3Anow-15d%2Cto%3Anow))"
+ },
+ {
+ "type":"button",
+ "text":{
+ "type":"plain_text",
+ "emoji":True,
+ "text":"Send Incident Response"
+ },
+ "style":"primary",
+ "value":"submit_incident_response"
+ }
+ ]
+ }
+ ]
+ }
+ try:
+ response = requests.post(
+ self.slack_webhook_url, data=json.dumps(payload),
+ headers=headers)
+ response.raise_for_status()
+ except RequestException as e:
+ raise EAException("Error posting to slack: %s" % e)
+
+ elastalert_logger.info("Alert '%s' sent to Slack" % self.rule['name'])
+
+
+ def get_info(self):
+ return {'type': 'slack'}
diff --git a/elastalert_modules/tst_ist_tz_enhancement.py b/elastalert_modules/tst_ist_tz_enhancement.py
index 80719284d..feefc662f 100644
--- a/elastalert_modules/tst_ist_tz_enhancement.py
+++ b/elastalert_modules/tst_ist_tz_enhancement.py
@@ -27,6 +27,5 @@ def process(self, match):
 ist_tz_str = pretty_ts(ist_tz, False)
 tst_tz_str = pretty_ts(tst_tz, False)
- tz_str = ist_tz_str + " Or " + tst_tz_str
-
- match['@timestamp'] = tz_str
+ match['@timestamp-ist'] = ist_tz_str
+ match['@timestamp-cst'] = tst_tz_str
diff --git a/infra-rules/application_critical_uptime_monitor.yaml b/infra-rules/application_critical_uptime_monitor.yaml
index b395450d7..5dbb93645 100644
--- a/infra-rules/application_critical_uptime_monitor.yaml
+++ b/infra-rules/application_critical_uptime_monitor.yaml
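Review bot: `match['instance-tag']`, `match['@timestamp-ist']` and `match['@timestamp-cst']` are indexed directly while `payload` is built, outside the try/except, so a match that lacks one of them (for example when the timezone enhancement is not configured for a rule that uses this alerter) raises KeyError and aborts the alert for every remaining match in the aggregation; `match.get('instance-tag', 'unknown')` and the same for the two timestamp keys keeps the post going. `requests.post` is called without a `timeout`, so an unresponsive webhook endpoint blocks the alerting loop indefinitely; passing `timeout=10` (or a `slack_timeout` rule option read in `__init__`) bounds it. The Kibana dashboard URL is fixed in the button while the rule files in this commit drop their `slack_title_link` setting, so reading it from `self.rule.get('slack_title_link', <default-url>)` would keep it configurable per rule. `elastalert_logger.info("Received match %s" % (match))` writes the complete match document to the ElastAlert log at INFO, so every field of the matched event ends up in the log; logging only `match.get('instance-tag')` and `match.get('@timestamp')` is enough to trace the alert. `BasicMatchString` is imported but never used in the module.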
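Review bot: `match['@timestamp-cst'] = tst_tz_str` stores a value derived from `tst_tz` under a key named for CST, so the variable and the key disagree on which zone this is, and the new alerter then labels it "Time in CST"; either rename the variable (`cst_tz_str = pretty_ts(cst_tz, False)`, which presumably needs the matching rename where `tst_tz` is assigned above the hunk) or add `# tst_tz is the zone shown as CST by SlackCustomAlert` so the next reader does not have to guess. The two new keys are consumed by hard-coded lookups in slack_custom_alert.py, so a docstring on `process` stating that it adds `@timestamp-ist` and `@timestamp-cst` to the match and no longer overwrites `@timestamp` would make that contract explicit. `process` starts before the hunk.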
@@ -35,16 +35,7 @@ match_enhancements:
 # (Required)
 # The alert is use when a match is found
-alert:
-- slack
+alert: "elastalert_modules.slack_custom_alert.SlackCustomAlert"
-alert_subject: "CSAD IT - Critical Instance Application Health Monitoring Alarm"
-alert_text: "The Application {0} is unhealthy and reporting Downtime during {1}"
-alert_text_type: alert_text_only
-alert_text_args: ["instance-tag", "@timestamp"]
-
-
-slack:
-slack_webhook_url: ""
+slack_webhook_url: ""
 slack_title: "CSAD IT - Critical Instance Application Health Monitoring Alarm"
-slack_title_link: "https://elk.it.logitech.com:5601/app/kibana#/dashboard/35aa4fd0-b0b3-11ea-833d-fde9206e58f3"
diff --git a/infra-rules/application_uptime_non_critical_monitor.yaml b/infra-rules/application_uptime_non_critical_monitor.yaml
index 192cbc99d..94bc845f4 100644
--- a/infra-rules/application_uptime_non_critical_monitor.yaml
+++ b/infra-rules/application_uptime_non_critical_monitor.yaml
@@ -35,16 +35,7 @@ filter:
 # (Required)
 # The alert is use when a match is found
-alert:
-- slack
+alert: "elastalert_modules.slack_custom_alert.SlackCustomAlert"
-alert_subject: "CSAD IT - Non Critical Instance Application Health Monitoring Alarm"
-alert_text: "The Application {0} is unhealthy and reporting Downtime during {1}"
-alert_text_type: alert_text_only
-alert_text_args: ["instance-tag", "@timestamp"]
-
-
-slack:
-slack_webhook_url: ""
+slack_webhook_url: ""
 slack_title: "CSAD IT - Non Critical Instance Application Health Monitoring Alarm"
-slack_title_link: "https://elk.it.logitech.com:5601/app/kibana#/dashboard/35aa4fd0-b0b3-11ea-833d-fde9206e58f3"
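Review bot: `slack_webhook_url: ""` satisfies the alerter's `required_options` presence check, so the empty value is only noticed when the first alert fires and `requests.post` fails on the empty URL; since the webhook URL is the credential that permits posting into the channel, a comment such as `# slack_webhook_url is supplied at deploy time; never commit the real webhook URL` above it would record how the value is meant to arrive, and the alerter could refuse an empty string in `__init__`. The same applies to the identical hunk in application_uptime_non_critical_monitor.yaml. Dropping `slack_title_link` leaves the dashboard link hard-coded in SlackCustomAlert, so changing the dashboard now requires a code change instead of a rule edit; keeping the key and reading it in the alerter would preserve the per-rule setting.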