I have a trigger with:
PROBLEM event generation mode: Multiple
OK event closes: All problems
That trigger fires at the expression for the trapper item, which's updated by the crontab multiple times a day. Every time trapper gets a new value, it should be reported by the alert (cause' every time it gets a different value, which is important). But when it's OK, one message should be enough.
Action has "Send message to user groups" operation with a single step, "Immediately" start option and "Default" step duration (3600s).
Recovery operation set to "Send message to user groups" option.
Action also has only folowing conditions in the drop-down:
Application
Host
Host group
Maintenance status
Tag
Tag value
Template
Time period
Trigger
Trigger name
Trigger severity
What may be the reason for multiple duplicating alert messages with OK status, coming at the same moment from the same trigger (and the same alert)?
Have you tried global event correlation ?
It is possible to correlate events created by completely different
triggers and apply the same operations to them all. By creating
intelligent correlation rules it is actually possible to save yourself
from thousands of repetitive notifications and focus on root causes of
a problem!
https://www.zabbix.com/documentation/3.4/manual/config/event_correlation/global
Related
For example, over 4000 events per day should have an email notification.
If you are using Open Distro, where no CCS is being used and want to create an email notification for over 4000 events in a day, find below the high level steps:
Click on Alerting on the left menu
Click on Destinations tab and Add destination, this will be an Email as a destination, enter a valid email and the smtp configuration under Manage Senders, then select it under Sender, add a recipient email under Recipients
Create a Monitor: Under Method of definition you can select Define using visual graph, under Index enter wazuh-alerts* (this will select all events that you visualize under Wazuh>Modules>Security Events), under Time field you can select #timestamp. Leave the WHEN Count(), OVER all documents and WHERE all fields are included as default, in option FOR THE LAST … select for the last 24 hours. Finally select the frequency under Monitor Schedule as Daily and the time when you want this to run, alternatively you can select By interval and run it Every 1 Days, click on Create
With the Monitor created you will have to create a trigger, in trigger condition enter IS ABOVE 4,000. Under Configure actions select the Destination created in step 2, then the Message subject you would like the recipient to receive and you can leave the Message by default, it uses Mustache if you would like to edit it, you can send a test message to check if the Destination and smtp is configured correctly. Click on Create
Last step is to enable your monitor in case it was not enabled when created, select it from Monitors tab and click on Actions>Enable
I hope you are able to configure it, let me know!
Let say an instance of my program is running. It has 'File1.My' open (whatever that is).
Now the user double clicks in WinExplorer 'File2.My'. The 'My' extension is associated with my program so, a second instance will start. I use WMCOPYDATA to pass the filename ('File2') from the second instance to the first instance. The first instance will receive the filename load that file. The second instance will closed itself.
My problem is that the WMCOPYDATA message might appear while the first instance is showing a dialog box like "Are you sure you want to save File1 to disk?".
When the message arrives, first instance will load File2 while the dlg box is shown on screen asking about 'File1'.
So, how I handle this??
Maybe by putting the Load(File2) in a queue that I process after the dialog box closes?
Or maybe I should filter from the message queue the WMCopyData when a modal dialog box is open?
Use some kind of flag: if WMCopyDataReceived_Flag then Abort_current_code_after_the_dlgbox
All 3 seems more complicated than necesary.
My problem is that the WMCOPYDATA message might appear while the first instance is showing a dialog box like "Are you sure you want to save File1 to disk?".
When the message arrives, first instance will load File2 while the dlg box is shown on screen asking about 'File1'.
What is wrong with that? The dialog's message loop will still dispatch the WM_COPYDATA message to the correct window message procedure. You should be treating each file individually. Does you app not allow multiple files to be loaded at the same time?
So, how I handle this??
Maybe by putting the Load(File2) in a queue that I process after the dialog box closes?
If you don't want the new file loaded while the dialog is running, then yes, this is what you will have to do. Especially since the user could try to load multiple files (or even the same file multiple times) while the dialog is running.
Otherwise, simply ignore the WM_COPYDATA message altogether while the dialog is running. Perhaps send another message back to the 2nd instance telling it that the WM_COPYDATA message was ignored, so it can then notify the user to try again later. After the 2nd instance sends WM_COPYDATA, make it wait a few seconds before exiting, in case such a reply comes in. Perhaps always send a reply back, either ACK or NACK accordingly, and make the 2nd instance wait for either reply.
Or maybe I should filter from the message queue the WMCopyData when a modal dialog box is open?
No, especially since you don't have access to do that kind of filtering anyway. WM_COPYDATA is a sent message, not a posted message, so the message queue won't ever see it, but performing message retrieval on the message queue will automatically dispatch it.
Use some kind of flag: if WMCopyDataReceived_Flag then Abort_current_code_after_the_dlgbox
I don't even understand what you are trying to do with that.
In DevOps, I need a field which can be a counter and get incremented +1 whenever the work item state change from "Done" to "In progress". I tried to have an integer field and set the Rule as mentioned below
condition: when a work item state changes From "Done" to "In Progress"
Action: Set the value of "Field" to "+1".
This rule is changing the value of the counter from 0 to 1 for the very first time only. However the counter does not keep incrementing whenever I change the work Item state from "Done" to "In progress"
Please suggest me an approach to do it.
I have a similar use case: counting the amount of times a work item fails testing (gets moved back from Resolved to Active). Since I don't need a true increment, just want an indication whether this has happened once, twice, thrice or more, I made a couple of rules, one for each increment, like this:
It won't help in any increment scenario, but possibly it helps some people.
Azure Devops does not support increments. You can try to use:
TFS Aggregator (Web Service).
Create rules with Azure Logic App. It contains triggers and methods to update work items.
Create a custom application. Add field like "Need Increment" with default value "false". Create Rule - condition: when a work item state changes From "Done" to "In Progress" Action: Set the value of "Need Increment" to "true". Your custom application updates you increment field and set "Need Increment" to "false".
I have multiple buttons "Buy Now" on a homepage. All the "Buy Now" buttons takes the user to "same" next page (product details)
I don't have any dataLayer on the page so I am using CSS selectors to trigger Adobe Analytics event.
I am using 'show' (not click) and fire adobe analytics "event 1". So multiple time we are firing "event 1" as there are multiple buttons.
Is there anyway I can serialize the event? e.g. pass event1:1234. Do I just create a timestamp or? what are my options to count it as a single event per pageview?
I think this is what you're looking for: https://marketing.adobe.com/resources/help/en_US/sc/implement/event_serialization_impl.html
Here is an excerpt :
To use Event serialization, you must first enable it in Admin >
Report Suite > [select report suite] > Edit Settings > Success
Events. Then select which events you want recorded in the Unique
Event Recording column. There are three different settings an event
can be set to.
Always record event: This is the default behavior of all events when
initially enabled. All events included in image requests will be sent
directly to Analytics, including page reloads.
Record once per visit: An event with this setting enabled will only
track the first instance of that event in a given visit. Once a new
visit starts, each event with this setting enabled can be tracked
again. This is an effective way to mitigate duplicate events via
browser refreshes.
Use event ID: This setting allows the capability to associate each
event with a unique ID. If Analytics sees an eventID it has already
seen before with that variable, it will not be counted in reporting.
Alternatively, we use the appendList plugin which makes this completely painless. Ensuring a non-duplicate event is as simple as this:
s.events = s.apl(s.events, "event999", ",", 1);
Here is a link to that plugin: https://marketing.adobe.com/resources/help/en_US/sc/implement/appendList.html
I'm trying to figure out the mechanism to post an ephemeral message to a user and then remove it and replace it with a message visible to all. Similar behavior to giphy in which the Slash Command shows an interactive ephemeral message and creates a channel message once the user decides which gif to send. I'm also curious about updating the ephemeral message. I assume this can be done by the response_url if we use an interactive ephemeral message.
I initially figured I'd just create a ephemeral message using chat.postEphemeral and then call chat.delete on it, but it seems chat.delete and chat.update can't be called on a message created using chat.postEphemeral.
The Slack message guidelines seems to suggest that a multi-step interactive flow should always be handled in an ephemeral way so that other channel user don't see all intermediate messages before the result but I'm having bad luck figuring out how to get rid of the ephemeral when done. Probably just being bad at reading but any help appreciated.
Edit with more details:
The documentation around using response_url and postEphemeral states
As you replace messages using chat.update or the replace_original
option, you cannot change a message's type from ephemeral to
in_channel. Once a message has been issued, it will retain its
visibility quality for life.
The message guidelines suggest:
If a user has initiated an action that has multiple steps, those steps
should be shown as ephemeral messages visible only to that user until
the entire action is complete to avoid cluttering the channel for
everyone.
Presumably, I should be able to create an interaction in which I first send an in_channel interactive message.
When a user initiates an action, I should be able to send them a series of ephemeral messages using the response_url and passing response_type: 'ephemeral' and replace_original: false?
A new ephemeral interactive message created this way will have its own response_url for making edits, right?
Once I am done with the interactive flow via ephemeral messages, I can modify the original interactive message using its original response_url?
Lastly, how do I get rid of the last ephemeral edit? Or do I just change it to something like "Workflow completed" and hope for the best? I'm asking because Slash commands obviously seem to have a way to essentially replace the ephemeral message for an in_channel message and I'm trying to figure this kind of workflow out.
I searched high and low on how to do this and finally came across the answer.
Your ephemeral message must trigger an action, i.e. button click.
Your response to the action must use the following body
{
'response_type': 'ephemeral',
'text': '',
'replace_original': true,
'delete_original': true
}
'delete_original': true is the key here, which as far as I can tell is not mentioned in any of the API guides, however it is present in the API field guide under Top-level message fields
If you wish to change the response_type of your message instead of deleting it, you must do so by first deleting the ephemeral message and then posting the same message with 'response_type': 'in_channel'.
In my use case I wanted to take an ephemeral message and repost it with the exact same message body as an in-channel message. I have not found a way to retrieve the content of your ephemeral message, so the best method I've found is to pass whatever necessary data spawned your ephemeral message in the button's value so that your action handler can read this data and dynamically recreate the message body.
In my case, this was the user input being used to perform a query. On the off chance that data in the database changes between the time the original ephemeral message is posted and the in-channel version is posted they will be different. You may be able to send a JSON string directly through this value field and avoid making additional database calls and running the risk of messages changing when posted to the channel. The character limit of value is 2000 so JSON passing is extremely limited.
Assuming you use the same code to generate this body when initially creating the ephemeral message and also when recreating it in-channel, you should receive the same body and essentially are able to change an ephemeral message to in-channel message.
Some ephemeral messages can be "soft" deleted/replaced but only when posted as part of a message with interactive features like buttons or menus. When a button is clicked or a menu selection made, you have a chance to instruct Slack to either "delete" the original message, or replace it with a new one. These docs detail using responses and response_url to accomplish that.
A message created with chat.postEphemeral that itself has no interactive features can never be explicitly deleted. Once it's delivered, it's like a ghost and will disappear following a restart or refresh.
Answering your bulleted questions in order:
Correct, you essentially start a new chain of interactivity with net new ephemeral message you post to that user
Each interactive message interaction will have its own response URL. The new ephemeral message won't have a response_url you can use until the end user presses a button, selects a menu item, etc.
response_url will eventually expire ("using the response_url, your app can continue interacting with users up to 5 times within 30 minutes of the action invocation.") If the original message is non-ephemeral, using chat.update is a better strategy for longer timelines. With ephemeral messages, it's more of a "do your best" strategy. They'll eventually get cleaned up for the user after a refresh.
I think you have a good handle on what's best. Personally, I think it's easier to kick off a new "in_channel" message by using chat.postMessage instead of as a chain effect directly from a slash command or interaction.
The Kotlin/Java version for this solution using the Bolt API as shown below
import com.slack.api.bolt.handler.builtin.BlockActionHandler
import com.slack.api.bolt.request.builtin.BlockActionRequest
import com.slack.api.app_backend.interactive_components.response.ActionResponse
import com.slack.api.bolt.response.Response
import com.slack.api.bolt.context.builtin.ActionContext
object Handler : BlockActionHandler {
override fun apply(req: BlockActionRequest,
context: ActionContext): Response {
val response = ActionResponse
.builder()
.deleteOriginal(true)
.replaceOriginal(true)
.responseType("ephemeral")
.blocks(listOf())
.text("")
.build()
context.respond(response)
return context.ack()
}
}
If you are using Python and Flask the following code should work when you respond to a button click in the ephemeral message:
from flask import jsonify
response = jsonify({
'response_type': 'ephemeral',
'text': '',
'replace_original': 'true',
'delete_original':'true'
})
return make_response(response, 200)