I am using Grafana version v8.3.3 and have set up Slack alerts but the alerts are formatted in a certain way and I don't see an option to change it.
There is a section Add details for your alert which is great but the alert contains all these fields and I can't find where to control which one to display in Slack message and which ones to hide. I just want to send a message with value and a brief description without annotations, labels, source, and silence.
**Firing**
Value: [ metric='disk_used_percent' labels={InstanceId=i-..., path=/} value=28.528058875324813 ]
Labels:
- alertname = CI Jenkins instance FREE space alert
- notification = slack
Annotations:
- summary = CI Jenkins instance is running out of space. Please investigate.
Source: http.....
Silence: http....
By providing custom message in contact point, I could able to avoid source, silence, query etc., being sent as part of alert notification message.
Related
Let see, I want to notify with alert on Dataflow pipeline using log based.But in log based alert , i cant see any option if i have to set alert on particular pattern matching like, if in log any message "Job failed due to ....", here i want to trigger an alert based on condition like "job failed *". . It should alert me if any message in log occur. Highly appreciated your help
I tried Dataflow-log entries option, but didnt get anything on pattern matching log.
jsonPayload.message=~"some pattern"
https://cloud.google.com/logging/docs/view/logging-query-language
During the pipeline execution, I need to ask user whether to proceed the stage with below shown input options which is working fine. However thinking of enhancing the input message by converting the description of the input message to a clickable URL instead of plain text which is happening now.
environment {
def delobjectsurl = "${env.BUILD_URL}/artifact/logs/stage2.log"
def delconfirmation = input (id: 'delconfirmation', message: 'Proceed with mark as delete [YES/NO]?', parameters: [choice(choices: 'YES\nNO', description: "${delobjectsurl}", name: 'ONLINE_MARK_AS_DELETE')])
}
I tried with below options but still showing the description as plain text.
Configure Global Security
Is it possible to achieve which I am trying to do? I am using Jenkins v2.107.1.
I have zabbix server to monitor linux server, I am trying to read daily backup file and display all contents of file on zabbix, how can I do that.
I tried to do the following:
first item
TYPE: Zabbix_agent (Active)
log[/var/opt/backup,]
second item
TYPE: Zabbix_agent (Active)
vfs.file.contents[/var/opt/backup]
but there is no data retrieved, and should I do anything in trigger...
Make sure that the EnableRemoteCommands parameter is set to 1 and uncommented in the respective zabbix_agentd.conf. Note: Remote commands do not work with active Zabbix agents.
Create an item with that key: system.run[cat /var/opt/backup]. Don't forget to choose the appropriate "Type of information" when creating the item.
I want all OSSEC notifications to be routed to a Slack room instead of email. 2.9.Beta5 has a ossec-slack.sh active response script. The relevant parts of my ossec.conf are:
<command>
<name>ossec-slack</name>
<executable>ossec-slack.sh</executable>
<expect>srcip</expect>
<timeout_allowed>no</timeout_allowed>
</command>
<active-response>
<command>ossec-slack</command>
<location>local</location>
<level>1</level>
</active-response>
This works for SSH logins (failed and successful), but as far as I can tell doesn't trigger anything else. What am I doing wrong/how are others doing this? Is this just beta software being beta software?
First make sure your ossec-slack.sh file has the correct information in the top:
# FILE: /var/ossec/active-response/bin/ossec-slack.sh
SLACKUSER="ossec"
CHANNEL="#slack_chanel" # include the hash "#"
SITE="https://hooks.slack.com/services/TOKEN"
SOURCE="ossec2slack"
Your "SLACKUSER" is the same as the "Customize Name" field that you set in your Slack WebHook Integrations page.
Now that your ossec-slack.sh file is set up you can test your Slack integration manually:
/var/ossec/active-response/bin/ossec-slack.sh
Running the script manually will post recent entries from your alerts log file:
/var/ossec/logs/alerts/alerts.log
When this script is triggered as an active-response, it will only post the information for the current alert, rather than posting from your log file.
When you have verified that you can post Slack messages manually, add the following XML blocks to your ossec.conf file:
<!-- FILE: /var/ossec/etc/ossec.conf -->
<ossec_config>
<command>
<name>ossec-slack</name>
<executable>ossec-slack.sh</executable>
<expect></expect> <!-- no expect args required -->
<timeout_allowed>no</timeout_allowed>
</command>
<active-response>
<command>ossec-slack</command>
<location>local</location>
<level>3</level>
</active-response>
</ossec_config>
The settings above will post to your Slack channel whenever a level 3 or above alert is triggered.
Note: no arguments are required within the <expect> tag. But the <expect> tag itself, is required. See OSSEC's active-response documentation for more information.
To test this integration, restart your ossec server:
/var/ossec/bin/ossec-control restart
You should see the "OSSEC Started" alert very quickly:
If you do not see the alert, check your logs for any misconfigurations:
tail /var/ossec/etc/logs/ossec.log
tail /var/ossec/logs/active-responses.log
Not a full answer, but adding on here. To ensure this works, make sure you don't have this set in /var/ossec/etc/ossec.conf. If it's there, just remove.
<active-response>
<disabled>yes</disabled>
</active-response>
I have implemented the fix client that request for market data. I have successfully logged on to the server but when the server sends us a MarketDataIncrementalRefresh message my application rejects with the message "Tag appears more than once" tag for which it is indicating is 55. Can you please help me in resolving it?
The message it rejects is:
8=FIX.4.2 9=196 35=X 34=14 49=Xenfin 56=newchange.api -price 52=20140528-08:54:32.144 262=156 268=2 279=1 269=0 278=B 55=EUR/USD 270=1.36201 271=1000000.00 279=1 269=1 278=A 55=EUR/USD 270=1.36205 271=1000000.00 10=133
and in my config file I have used no data dictionary and set UseDataDictionary=N
This usually means you have a configuration or DataDictionary problem, or both.
Configuration problem: Your config should have UseDataDictionary=Y, and DataDictionary=path/to/xml (or AppDataDictionary= and TransportDataDictionary= if you're on FIX5).
DataDictionary problem: Your counterparty has probably added custom fields to the message, and your DD hasn't been properly updated to reflect them. When parsing repeating groups, when the QF/n parser finds a field that doesn't belong (per DD) to the group, it assumes the group has ended. Any fields after that are considered to be outside the group.
You need to edit your DD file to reflect any changes that your counterparty has made to the standard message set. This will probably include adding custom fields, and may include rearranging field orderings or adding fields to groups that they don't normally belong in. See this page for more info about editing your DD:
http://quickfixn.org/tutorial/custom-fields-groups-and-messages
That's because you have a repeating group, once for bid, once for offer
8=FIX.4.2
9=196
35=X
34=14
49=Xenfin
56=newchange.api -price
52=20140528-08:54:32.144
262=156
268=2
279=1 269=0 278=B 55=EUR/USD 270=1.36201 271=1000000.00
279=1 269=1 278=A 55=EUR/USD 270=1.36205 271=1000000.00
10=133
and you're not handling it properly.