I'm trying to use message formatting in slack. The Elastalert Testrule.yaml file is partially being parsed. The slack alert shows up with only slack_alert_fields and alert_text fields. I want to send attachments as well in the alerts.
How to use attachments or create buttons fort slack alerts?
es_host: elasticsearch
es_port: 9200
name: Test rule Alert
type: any
index: alerts-*
filter:
- term:
alertType.keyword: "New alert created"
alert:
- "slack"
slack_alert_fields:
- title: Network Name
value: networkName
short: true
- title: Alert Type
value: alertType
short: true
slack_actions:
- name: "network url"
text: "Network URL"
type: "button"
value: networkUrl
alert_text: |
alertData : {0}
alert_text_type: alert_text_only
alert_text_args: ["alertData"]
attachments: [
{
"fallback": "Required plain-text summary of the attachment.",
"color": "#37964f",
"pretext": "New alert created",
"title": alertData.reason ,
"fields": [
{
"title": "Network Name",
"value": networkName,
"short" : true
},
{
"title": "Timestamp",
"value": timestamp,
"short" : true
}
],
"actions": [
{
"name": "network url",
"text": "Network URL",
"type": "button",
"value": networkUrl
},
{
"name": "org_url",
"text": "Organization URL",
"type": "button",
"value": organizationUrl
}
]
}
]
slack_webhook_url:
- "https://hooks.slack.com/xxxxxxxxxxxxxxxxxxxxxxx"
Looking at the official documentation it appears that Elastalert does not support adding custom Slack attachments for alerts, because there is no property for it in the documentation.
In fact it seams that alerts are already formatted as attachment, which is why you can set a title and a title-URL. And also define additional "fields". Something that you can only do with attachments in Slack.
This also means that you can not specify buttons for your alerts (which are a special kind of attachments in Slack).
If you need this functionality I would suggest contacting the developer of Elastalert.
Related
I am able to send mail and add custom internetMessageHeaders. But what I'm attempting to do now is return messages based on filtering to the custom headers I'm adding.
Example:
If I add a custom header to the message for "x-custom-header-productid = x123z" I want to filter and return all messages that have the custom header for x-custom-header-productid that equals x123z. Is this possible?
Thanks!
The header needs to be provisioned in the Mailbox you want to search for it on eg https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-provision-x-headers-by-using-ews-in-exchange
So in the Graph if you send a Message using that mailbox that would provision it for use in that Mailbox eg
{
"message": {
"subject": "Meet for lunch?",
"body": {
"contentType": "Text",
"content": "The new cafeteria is open."
},
"toRecipients": [
{
"emailAddress": {
"address": "youmailbox#domain.com"
}
}
],
"singleValueExtendedProperties": [
{
"id": "String {00020386-0000-0000-C000-000000000046} Name X-blah-blah",
"value": "Food"
}
]
}
}
You could then search for any messages that arrived (after you provisioned that header)eg which would mean the property would be promoted in the store.
https://graph.microsoft.com/v1.0/me/mailfolders/inbox/messages?$filter=singleValueExtendedProperties/any(ep:ep/id eq 'String {00020386-0000-0000-C000-000000000046} Name X-blah-blah' and ep/value eq 'Food')
I have a fully built API, that creates tasks into MS Teams "Tasks by Planner and To Do".
MS actual graph API used POST https://graph.microsoft.com/v1.0/planner/tasks
Sample API:
{
"routeId": "7fcxxxxx-xxxx-xxxx-xxxx-5d35838xxxxx",
"userId": "77cxxxxx-xxxx-xxxx-xxxx-5f09858xxxxx",
"tenantId": "dcdxxxxx-xxxx-xxxx-xxxx-31002a1xxxxx",
"title": "Task: Add you task title",
"hospitalAssignment": null,
"percentComplete": 0,
"createdTimestamp": "2021-04-20T01:51:49Z",
"startDateTimestamp": "2021-04-20T18:10:15Z",
"dueDate": "2021-11-20T11:47:33.000Z",
"Notes": "Add some useful notes here",
"checklistItems": [
{
"title": "itema"
},
{
"title": "itemb"
}
],
"attachments": [
{
"url": "https://www.google.com",
"alias": "link"
},
{
"url": "https://teams.microsoft.com/file/....",
"alias": "Test Document 1"
},
{
"url": "https://random.sharepoint.com/sites/...",
"alias": "Test Document 2"
},
],
"comments": "null,",
"priority": null
}
Hitting the above API creates a task in the planner as seen below
So, here is an issue - when I try to click on link it took me to the browser and opens up google which is fine. Now, when I click on Test Document 1 or Test Document 2 it throws an unknown error and Sorry, something went wrong respectively.
After that, I created the task manually and adding the attachments from Add Attachment and paste the links to the file there, then click the files works and opens up the documents.
Assuming you are referring to adding / updating the Planner Task Details for a PlannerTask;
there is a sample provided of adding (PATCH) a pptx file using a 'teams path' as you referred to it.
Note that the path must be (url)encoded.
Tasks - plannerTaskDetail < references
https://learn.microsoft.com/en-us/graph/api/resources/plannerexternalreferences?view=graph-rest-1.0
{
"https%3A//contoso%2Esharepoint%2Ecom/teams/agile/documents/AnnualReport%2Epptx":
{
"#odata.type": "microsoft.graph.externalReference", // required in PATCH requests to edit the references on a task
"alias": "Agile Team Annual Report",
"lastModifiedBy": {
"user": {
"id": "ebf3b108-5234-4e22-b93d-656d7dae5874"
}
},
"lastModifiedDateTime": "2015-09-21T17:45:12.039Z",
"previewPriority": "0009005756397228702",
"type": "PowerPoint"
}
}
I'm routing telemetry messages via IoT Events and event Grid to Logic Apps using a webhook. The logic app lets you input a sample JSON message and then use dynamic content to add information to an email alert I'm sending(O365: Send an Email V2)
I can include System Properties like "iothub-connection-device-id" But when I try to pick temeletry data I get the following error:
InvalidTemplate. Unable to process template language expressions in action 'Send_an_email_(V2)' inputs at line '1' and column '1680': 'The template language expression 'items('For_each')?['data']?['body']?['windingTemp1']' cannot be evaluated because property 'windingTemp1' cannot be selected. Property selection is not supported on values of type 'String'. Please see https://aka.ms/logicexpressions for usage details.'.
When I look at the raw output of the webhook connector it shows the following message but the telemetry points are cleary not there. I'd expect to see them in the "body" property but instead there is just the string: "eyJ3aW5kaW5nVGVtcDEiOjg2LjYzOTYxNzk4MjYxODMzLCJ3aW5kaW5nVGVtcDIiOjc4LjQ1MDc4NTgwMjQyMTUyLCJ3aW5kaW5nVGVtcDMiOjg1LjUzMDYxMDY5OTQ1MzY1LCJMb2FkQSI6MjAyOS44NDgyMTg4ODYxMTEsIkxvYWRCIjoyMDQwLjgxMDk4OTg0MDMzMzgsIkxvYWRWIjoyMDA0LjYxMTkzMjMyNTQ2MTgsIk9pbFRlbXAiOjk5LjA2MjMyNjU2MTY4ODU4fQ=="
Looking for help to determine what could be causing this and how to get the telemetry data passed through correctly so that I can inculde it dynamically in the email alert.
Thanks!
{
"headers": {
"Connection": "Keep-Alive",
"Accept-Encoding": "gzip,deflate",
"Host": "prod-24.northeurope.logic.azure.com",
"aeg-subscription-name": "TEMPALERT",
"aeg-delivery-count": "1",
"aeg-data-version": "",
"aeg-metadata-version": "1",
"aeg-event-type": "Notification",
"Content-Length": "1017",
"Content-Type": "application/json; charset=utf-8"
},
"body": [
{
"id": "c767fb91-3806-324c-ec3c-XXXXXXXXXX",
"topic": "/SUBSCRIPTIONS/XXXXXXXXXXXX",
"subject": "devices/Device-001",
"eventType": "Microsoft.Devices.DeviceTelemetry",
"data": {
"properties": {
"TempAlarm": "true"
},
"systemProperties": {
"iothub-connection-device-id": "Device-001",
"iothub-connection-auth-method": "{\"scope\":\"device\",\"type\":\"sas\",\"issuer\":\"iothub\",\"acceptingIpFilterRule\":null}",
"iothub-connection-auth-generation-id": "637264713410XXXX",
"iothub-enqueuedtime": "2020-06-01T23:05:58.3130000Z",
"iothub-message-source": "Telemetry"
},
"body": "eyJ3aW5kaW5nVGVtcDEiOjg2LjYzOTYxNzk4MjYxODMzLCJ3aW5kaW5nVGVtcDIiOjc4LjQ1MDc4NTgwMjQyMTUyLCJ3aW5kaW5nVGVtcDMiOjg1LjUzMDYxMDY5OTQ1MzY1LCJMb2FkQSI6MjAyOS44NDgyMTg4ODYxMTEsIkxvYWRCIjoyMDQwLjgxMDk4OTg0MDMzMzgsIkxvYWRWIjoyMDA0LjYxMTkzMjMyNTQ2MTgsIk9pbFRlbXAiOjk5LjA2MjMyNjU2MTY4ODU4fQ=="
},
"dataVersion": "",
"metadataVersion": "1",
"eventTime": "2020-06-01T23:05:58.313Z"
}
]
}
Here is the sample input I am using with the trigger:
[{
"id": "9af86784-8d40-fe2g-8b2a-bab65e106785",
"topic": "/SUBSCRIPTIONS/<subscription ID>/RESOURCEGROUPS/<resource group name>/PROVIDERS/MICROSOFT.DEVICES/IOTHUBS/<hub name>",
"subject": "devices/LogicAppTestDevice",
"eventType": "Microsoft.Devices.DeviceTelemetry",
"eventTime": "2019-01-07T20:58:30.48Z",
"data": {
"body": {
"windingTemp1": 95.62818310718433
},
"properties": {
"Status": "Active"
},
"systemProperties": {
"iothub-content-type": "application/json",
"iothub-content-encoding": "utf-8",
"iothub-connection-device-id": "d1",
"iothub-connection-auth-method": "{\"scope\":\"device\",\"type\":\"sas\",\"issuer\":\"iothub\",\"acceptingIpFilterRule\":null}",
"iothub-connection-auth-generation-id": "123455432199234570",
"iothub-enqueuedtime": "2019-01-07T20:58:30.48Z",
"iothub-message-source": "Telemetry"
}
},
"dataVersion": "",
"metadataVersion": "1"
}]
Summary comment to answer to help others who have same problem.
The body you provided is Base64 encoded, you can decode it with Convert.FromBase64String(String) Method.
byte[] newBytes = Convert.FromBase64String(body);
For more details, you could refer to this issue.
Update:
Add the following code in my application will solve the problem.
message.ContentEncoding = "utf-8";
message.ContentType = "application/json";
I am hitting sonar api (api/qualitygates/project_status?analysisId=xyz) from pipeline based on analysisId to get the project status. The response recevied is based on Type[bugs/vulnerability/code-smells]
Is it possible to get the status based on Severity [blocker/critical/major] ?
{
"projectStatus": {
"status": "ERROR",
"conditions": [
{
"status": "OK",
"metricKey": "bugs",
"comparator": "GT",
"errorThreshold": "0",
"actualValue": "0"
},
{
"status": "ERROR",
"metricKey": "vulnerabilities",
"comparator": "GT",
"errorThreshold": "0",
"actualValue": "31"
},
{
"status": "ERROR",
"metricKey": "code_smells",
"comparator": "GT",
"errorThreshold": "0",
"actualValue": "72"
}
],
"periods": [
],
"ignoredConditions": false
}
}
Here how I got the status, may help someone who is struggling with this issue.
The trick it to use short-lived branch-name instead of using the analysisId on following api-
http://sonardashboard.xxx.com/api/issues/search?componentRoots=<Project-key>&severities=<Type of severity>&branch=<short-lived branch name>
Note: This will give issues with status - open and closed. Couldn't filter out using api based on status though.
I'm trying to document an API with a static swagger file that can return some JSON that contains an array that looks something like this:
[
{
"type": "type A",
"field A": "this field is specific to type A"
},
{
"type": "type B",
"field B": "this field is specific to type B"
}
]
I've tried a few different ways of defining my spec using either polymorphism or explicitly defining multiple examples. The examples have always either ended up looking like:
[
{
"type": "type A",
"field A": "this field is specific to type A",
"field B": "this field is specific to type B"
}
]
or just:
[
{
"type": "type A",
"field A": "this field is specific to type A"
}
]
Is there a way to define an example in my swagger spec so that the example payload shown by swagger-ui will contain an array containing an example of Type A and an example of Type B like the first JSON I wrote?
Actually, you can. In the responses object, put an examples object with an array as the value of the mime type. like so:
400:
description: Bad Request
examples:
application/json:
[
{
code:10000,
message:"Missing Input Parameters",
fieldA: "AAAAA"
},{
code:42,
message:"Ask the question",
fieldB: "BBBBBB"
}
]
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
You can't.
You can only define one example per mime-type per response :
{
"description": "A response",
"schema": {
"type": "string"
}
},
"examples": {
"application/json": {
"name": "Dog"
},
"application/xml": {
"name": "Cat"
}
}
}
If you want add complete scenario, I suggest you to write (or generate) a full scenario example in an HTML page and link it with an externalDocs. You can define externalDocs in root, operations, tags and schemas.