2015-08-25 07:02:39 -04:00
|
|
|
[[actions-slack]]
|
|
|
|
|
==== Slack Action
|
|
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
A watch <<actions, action>> that sends messages to a https://slack.com/[Slack] team's channels or
|
|
|
|
|
users. To use the Slack action, you need to configure at least one
|
|
|
|
|
Slack account in Watcher. For information about configuring accounts, see <<configuring-slack,
|
|
|
|
|
Configuring Watcher to Send Notifications to Slack>>.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
|
|
|
|
[[configuring-slack-actions]]
|
|
|
|
|
===== Configuring Slack Actions
|
|
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
You configure Slack actions in a watch's `actions` array. Action-specific attributes are
|
2015-08-25 07:02:39 -04:00
|
|
|
specified using the `slack` keyword.
|
|
|
|
|
|
|
|
|
|
The following snippet shows a simple slack action definition:
|
|
|
|
|
|
|
|
|
|
[source,json]
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
"actions" : {
|
2015-09-03 17:07:07 -04:00
|
|
|
"notify-slack" : {
|
|
|
|
|
"transform" : { ... },
|
|
|
|
|
"throttle_period" : "5m",
|
2015-08-25 07:02:39 -04:00
|
|
|
"slack" : {
|
2015-09-03 17:07:07 -04:00
|
|
|
"to" : [ "#admins", "@chief-admin" ], <1>
|
2015-08-25 07:02:39 -04:00
|
|
|
"message" : {
|
2015-09-03 17:07:07 -04:00
|
|
|
"text" : "Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)" <2>
|
2015-08-25 07:02:39 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
<1> The channels and users you want to send the message to.
|
|
|
|
|
<2> The content of the message.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
|
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
[[formatting-slack-messages]]
|
|
|
|
|
===== Using Attachments to Format Slack Messages
|
2015-08-25 07:02:39 -04:00
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
In addition to sending simple text-based messages, you can use the Slack
|
|
|
|
|
https://api.slack.com/docs/attachments[attachment] mechanism to send formatted messages.
|
|
|
|
|
Watcher leverages Slack attachments to enable you to dynamically populate templated messages
|
|
|
|
|
from the watch payload.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
The following snippet shows a standard message attachment.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
|
|
|
|
[source,json]
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
"actions" : {
|
|
|
|
|
"notify-slack" : {
|
|
|
|
|
"throttle_period" : "5m",
|
|
|
|
|
"slack" : {
|
|
|
|
|
"account" : "team1",
|
|
|
|
|
"message" : {
|
|
|
|
|
"from" : "watcher",
|
|
|
|
|
"to" : [ "#admins", "@chief-admin" ],
|
|
|
|
|
"text" : "System X Monitoring",
|
|
|
|
|
"attachments" : [
|
|
|
|
|
{
|
|
|
|
|
"title" : "Errors Found",
|
|
|
|
|
"text" : "Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)",
|
|
|
|
|
"color" : "danger"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
|
|
[[slack-dynamic-attachment]]
|
|
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
To define an attachment template that is dynamically populated from the watch payload, you specify
|
|
|
|
|
`dynamic_attachments` in the watch action. For example, a dynamic attachment could reference
|
|
|
|
|
histogram buckets in the payload and build an attachment per bucket.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
In the following example, the watch input executes a search with a date histogram aggregation
|
|
|
|
|
and the Slack action:
|
|
|
|
|
|
|
|
|
|
. Transforms the payload to a list where each item in the list holds the month, the user count
|
|
|
|
|
for that month, and the color that represents the sentiment associated with that count
|
|
|
|
|
(good or danger).
|
|
|
|
|
. Defines an attachment template that references items in the list generated by the transform.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
|
|
|
|
[source,json]
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
"input" : {
|
|
|
|
|
"search" : {
|
|
|
|
|
"request" : {
|
|
|
|
|
"body" : {
|
|
|
|
|
"aggs" : {
|
|
|
|
|
"users_per_month" : {
|
|
|
|
|
"date_histogram" : {
|
|
|
|
|
"field" : "@timestamp",
|
|
|
|
|
"interval" : "1m"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
...
|
|
|
|
|
"actions" : {
|
|
|
|
|
"notify-slack" : {
|
|
|
|
|
"throttle_period" : "5m",
|
2015-09-03 17:07:07 -04:00
|
|
|
"transform" : {
|
2015-08-25 07:02:39 -04:00
|
|
|
"script" : "return [ items : ctx.payload.hits.aggs.users_per_month.buckets.collect { [ month : it.key_as_string, count : it.doc_count, color : it.doc_count < 100 ? 'danger' : 'good' ] }]"
|
|
|
|
|
},
|
|
|
|
|
"slack" : {
|
|
|
|
|
"account" : "team1",
|
|
|
|
|
"message" : {
|
|
|
|
|
"from" : "watcher",
|
|
|
|
|
"to" : [ "#admins", "@chief-admin" ],
|
|
|
|
|
"text" : "System X Monitoring",
|
|
|
|
|
"dynamic_attachments" : {
|
2015-09-03 17:07:07 -04:00
|
|
|
"list_path" : "ctx.payload.items" <1>
|
|
|
|
|
"attachment_template" : {
|
2015-08-25 07:02:39 -04:00
|
|
|
"title" : "{{month}}", <2>
|
|
|
|
|
"text" : "Users Count: {{count}}",
|
|
|
|
|
"color" : "{{color}}"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
--------------------------------------------------
|
2015-09-03 17:07:07 -04:00
|
|
|
<1> The list generated by the action's transform.
|
|
|
|
|
<2> The parameter placeholders refer to attributes in each item of the list generated by the transform.
|
2015-08-25 07:02:39 -04:00
|
|
|
|
2015-09-03 17:07:07 -04:00
|
|
|
[[slack-action-attributes]]
|
|
|
|
|
===== Slack Action Attributes
|
|
|
|
|
[options="header"]
|
|
|
|
|
|======
|
|
|
|
|
| Name |Required | Description
|
|
|
|
|
| `from` | no | The sender name to display in the
|
|
|
|
|
Slack message. Overrides the incoming
|
|
|
|
|
webhook's configured name.
|
|
|
|
|
| `to` | yes | The channels and users you want to send
|
|
|
|
|
the message to. Channel names must start
|
|
|
|
|
with `#` and user names must start with `@`.
|
|
|
|
|
Accepts a string value or an array of string
|
|
|
|
|
values.
|
|
|
|
|
| `icon` | no | The icon to display in the Slack messages.
|
|
|
|
|
Overrides the incoming webhook's configured
|
|
|
|
|
icon. Accepts a public URL to an image.
|
|
|
|
|
| `text` | yes | The message content.
|
|
|
|
|
| `attachments` | no | Slack message attachments. Message
|
|
|
|
|
attachments enable you to create more
|
|
|
|
|
richly-formatted messages. Specified as
|
|
|
|
|
as array as defined in the
|
|
|
|
|
https://api.slack.com/docs/attachments[Slack
|
|
|
|
|
attachments documentation].
|
|
|
|
|
| `dynamic_attachments` | no | Slack message attachments that can be
|
|
|
|
|
populated dynamically based on the current
|
|
|
|
|
watch payload. For more information, see
|
|
|
|
|
<<slack-dynamic-attachment, Using Attachments to
|
|
|
|
|
Format Slack Messages>>.
|
|
|
|
|
|
|
|
|
|
|======
|
