Skedler – Alerts (User Guide)
Copyright © 2016 Guidanz Inc.
1
Table of Contents
1 Introduction (page 3)
2 Skedler-Alerts Concepts (page 3)
3 Access Skedler-Alerts (page 7)
4 Schedule Skedler-Alerts (page 7)
5 Alert creation with Json File (page 14)
5.1 Download sample alert JSON file (page 14)
5.2 JSON data key/value description (page 15)
5.3 Upload JSON file (page 23)
6 Feedback (page 24)
1 Introduction
Skedler – Alerts is an Elasticsearch companion tool with a user-friendly UI that alerts on the occurrence of inconsistent data.
If real-time data written to Elasticsearch matches the conditions given in Skedler – Alerts, the user is alerted through email or webhook.
2 Skedler-Alerts Concepts
Each alert setting is listed below with its name, whether it is mandatory or optional, and a description.

1. Alert Name (Mandatory): A name for the scheduled alert.
2. Index (Mandatory): Select the indices, which are retrieved automatically from Elasticsearch based on the input. Examples: a. logstash-* b. Logstash-*-2016
3. Index Type (Optional): Lists the available types for the given Elasticsearch index.
4. Time Field (Mandatory): The timestamp field used to search or query the Elasticsearch indices against a particular time range.
5. Alert Time Window (Mandatory): Time Window - to generate a report for a specific time range. Ex: last two hrs, last 5 days.
6. Alert Conditions (Mandatory): Query to check for events to be alerted on. The query can be a keyword search, a compare condition, an aggregate condition, or any combination of these.
7. Schedule (Mandatory): Time interval at which the given alert conditions are run to check for inconsistency. The schedule can be in seconds or minutes, or hourly, daily, weekly, monthly.
8. Alert Action - Webhook URL (Mandatory): Webhook URL to which the notifications are sent when an alert event occurs.
9. Alert Action - Webhook Parameters (Optional): You can insert a set of dynamic field values into the additional data or the message by adding placeholder parameters. For example, select the parameter name Alert Name and paste the parameter “${AlertName}” in the required place; the actual alert name will be inserted.
10. Alert Action - Webhook Message (Optional): Message to be sent as the notification when an alert condition occurs.
11. Alert Action - Email To (Mandatory): Email ids (comma-separated list) to which alert notifications are sent.
12. Alert Action - Email CC (Optional): Email ids (comma-separated list) to which alert notifications are sent.
13. Alert Action - Email Parameters (Optional): You can insert a set of dynamic field values into the Subject and Message by adding placeholder parameters. For example, select the parameter name Alert Name and paste the parameter “${AlertName}” in the required place; the actual alert name will be inserted.
14. Alert Action - Email Subject (Mandatory): Subject for the email.
15. Alert Action - Email Message (Mandatory): Notification message for alert conditions, sent in the email.
16. Alert Action - Email Include Json (Optional): Events which caused the alert are sent as a JSON attachment.
3 Access Skedler-Alerts
After installation, Skedler-Alerts can be accessed from the following URL if Skedler-Alerts is using port 3001: http://:3001
4 Schedule Skedler-Alerts
1. Alerts can be scheduled by filling in the appropriate values.
a. Alert Details:
1. Alert Name of your choice.
2. Fill in the index name; Skedler-Alerts will provide the available indices from Elasticsearch.
3. Select the Index Type for the selected Elasticsearch index (optional).
4. Select the timestamp field for the index.
5. Time window specifies the time interval for which the alert conditions should be evaluated.
b. Alert Conditions:
1. Keyword search: Keyword search in Skedler - Alerts searches the entire index for the matching keyword. The keyword search functionality closely follows the Elasticsearch Query String Query pattern:
● https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html
● https://lucene.apache.org/core/2_9_4/queryparsersyntax.html
2. Compare condition:
● Select the field, the condition (greater than, less than, equal to, etc.) and the value to apply the condition.
● Any number of conditions can be added by clicking the add icon.
3. Aggregate Conditions:
● Aggregation operations like count, avg, min, max can be performed based on the selected field.
● “No field” allows a count operation over the resultant data for the given query (keyword search or compare conditions). Eg: the number of events that occurred for the given condition is greater than 50.
c. Schedule Details: Set up the schedule for the alert by selecting the frequency type (Seconds, Minutes, Hourly, Daily, Weekly) and the interval. For example, if the frequency type is Seconds and the frequency time is 5, the alert condition is evaluated every 5 seconds. Set the start time at which the alert schedule will start to run.
d. Alert Action: Alert Action is of two types.
➢ Send alerts to Email.
➢ Send alerts to a Webhook.
1. Email:
● You can also schedule your alert to be sent as email.
● Fill in the mandatory fields Subject, To, CC, Message for the alert email.
● Click the save button to save the alert.
2. Webhook:
● Select the webhook URL and the message to be pushed to the webhook URL.
● Additional data: you can also send other additional data in the form of key/value pairs to the given webhook URL.
● Click the save button to save the alert.
2. Once the alert is scheduled, you can see the scheduled alert details in the home page as follows.
3. To edit a scheduled alert, click the “Edit” icon.
4. To delete a scheduled alert, select the alert in the grid and click the “Delete” button.
5. To clone an existing alert, click the “Clone” icon, change the alert name and click the “clone” button.
6. To snooze a scheduled alert, click the “snooze” icon and select the time interval for which the alert is to be snoozed. While a scheduled alert is snoozed it keeps running, but notifications are no longer sent via webhook or email until it is resumed.
7. To resume a snoozed alert, click the “unsnooze” icon.
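The Alert Conditions step above (keyword search, compare conditions and an aggregate over the events inside the time window) and the “${AlertName}” placeholder parameters from the concepts table can be seen working together in the following Python sketch. It is an added example written for this guide, not Skedler's own code: the event documents, the alert dictionary layout, the field names (@timestamp, message, status, latency) and the simplified substring keyword match are all constructed for the illustration; Skedler itself hands the keyword search to Elasticsearch's query_string syntax.

```python
"""Added illustration (not Skedler's code) of how alert conditions chain:
time window -> keyword search -> compare conditions -> aggregate -> threshold,
then a notification rendered from ${Name} placeholders."""
from datetime import datetime, timedelta, timezone
from string import Template
import operator

# Constructed reference time; stands in for the moment the schedule fires.
NOW = datetime(2016, 6, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample documents. Field names are this example's own, not Skedler's.
EVENTS = [
    {"@timestamp": NOW - timedelta(minutes=2),  "message": "login failed for admin", "status": 401, "latency": 120},
    {"@timestamp": NOW - timedelta(minutes=10), "message": "login failed for root",  "status": 401, "latency": 95},
    {"@timestamp": NOW - timedelta(minutes=20), "message": "login failed for admin", "status": 401, "latency": 310},
    {"@timestamp": NOW - timedelta(minutes=40), "message": "login ok for alice",     "status": 200, "latency": 80},
    {"@timestamp": NOW - timedelta(hours=3),    "message": "login failed for admin", "status": 401, "latency": 400},  # outside a 1h window
]

# Compare operators in the sense of the guide's "greater than, lesser than, equal to".
OPS = {">": operator.gt, "<": operator.lt, "=": operator.eq,
       ">=": operator.ge, "<=": operator.le, "!=": operator.ne}


def in_window(doc, time_field, window, now=NOW):
    """True when the document's timestamp lies in [now - window, now]."""
    return now - window <= doc[time_field] <= now


def keyword_match(doc, keyword):
    """Simplified keyword search: case-insensitive substring over all string
    fields. Skedler delegates the real thing to Elasticsearch's query_string
    syntax; this stand-in only shows where the stage sits in the chain."""
    if not keyword:
        return True
    needle = keyword.lower()
    return any(isinstance(v, str) and needle in v.lower() for v in doc.values())


def compare_match(doc, conditions):
    """Every (field, operator, value) compare condition must hold."""
    return all(field in doc and OPS[op](doc[field], value)
               for field, op, value in conditions)


def aggregate(docs, func, field=None):
    """count / avg / min / max over the matching documents.
    field=None mirrors the guide's "No field": count the resulting events."""
    if func == "count" or field is None:
        return len(docs)
    values = [d[field] for d in docs if field in d]
    if not values:          # avg/min/max of nothing: no signal, so no alert
        return None
    if func == "avg":
        return sum(values) / len(values)
    if func == "min":
        return min(values)
    if func == "max":
        return max(values)
    raise ValueError(f"unknown aggregate {func!r}")


def evaluate(alert, docs, now=NOW):
    """One scheduled evaluation; returns (fired, aggregate_value, hits)."""
    hits = [d for d in docs
            if in_window(d, alert["time_field"], alert["time_window"], now)
            and keyword_match(d, alert.get("keyword", ""))
            and compare_match(d, alert.get("compare", []))]
    agg = alert["aggregate"]
    value = aggregate(hits, agg["func"], agg.get("field"))
    fired = value is not None and OPS[agg["op"]](value, agg["value"])
    return fired, value, hits


def render_message(template, params):
    """Fill ${Name} placeholders like the guide's "${AlertName}". Unknown
    placeholders are left intact instead of raising, so a typo in the
    template cannot silently suppress the whole notification."""
    return Template(template).safe_substitute(params)


# Constructed alert: "more than 2 failed logins in the last hour".
FAILED_LOGINS = {
    "name": "Failed logins",
    "time_field": "@timestamp",
    "time_window": timedelta(hours=1),
    "keyword": "login failed",
    "compare": [("status", "=", 401)],
    "aggregate": {"func": "count", "field": None, "op": ">", "value": 2},
    "message": "${AlertName}: ${Count} matching events in the last hour",
}

if __name__ == "__main__":
    fired, value, hits = evaluate(FAILED_LOGINS, EVENTS)
    if fired:
        print(render_message(FAILED_LOGINS["message"],
                             {"AlertName": FAILED_LOGINS["name"], "Count": value}))
```

With the constructed documents, three of the four events inside the one-hour window are failed logins with status 401, so the count aggregate is 3, the "> 2" threshold is met and the rendered message reads "Failed logins: 3 matching events in the last hour"; the three-hour-old event is dropped by the time window before any condition sees it.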
5 Alert Creation with JSON File
In Skedler - Alerts, multiple alerts can be created by uploading them as a JSON file.
1. Download Sample Alert JSON File: You can download the sample JSON data. There are two types of JSON files with the following configuration:
➢ Webhook
➢ Email
2. JSON data key/value description:
Each row is listed as: Field Name | Type | Mandatory, Optional or Non-Editable | Description.

alertName | String - should be enclosed with “” | Mandatory | Alert Name of your choice.
index | String - should be enclosed with “” | Mandatory | Valid Elasticsearch index name.
indexType | String - should be enclosed with “” | Optional | Valid type for the given Elasticsearch index.
timeField | String - should be enclosed with “” | Mandatory | Valid date field in the Elasticsearch index.
timeWindow - From | Number - should be enclosed with “” | Mandatory | Event documents from which time period are to be evaluated.
timeWindow - To | String - always should be “now” | Non-Editable | Default value is “now”.
Keyword search | String - should be enclosed with “” | Mandatory | Value searched across the entire Elasticsearch index.
Compare Condition - term | String - should be enclosed with “” | Mandatory | Field that should match the given Elasticsearch index.
Compare Condition - condition | String - should be enclosed with “” | Mandatory | Should contain compare operators like the symbols '>','','
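Before uploading an alert JSON file, a practitioner will want to check it against the rules in the table above, since a malformed definition can silently leave a condition unmonitored. The following validator is an added example, not Skedler's own code or schema. It enforces what the table states (mandatory strings enclosed in quotes, timeWindow From written as a quoted number, timeWindow To fixed at “now”); the nested key names timeWindow.from, timeWindow.to, keywordSearch, compareCondition.term and compareCondition.condition are this example's assumptions, because the table names those rows only descriptively and the sample JSON file itself is not reproduced on this page.

```python
"""Added example (not Skedler's code): pre-upload sanity check for an alert
JSON file, built from the key/value rules in the guide's table.
Key names timeWindow.from/.to, keywordSearch and compareCondition.term/
.condition are assumptions for the sake of the example."""
import json

# Rows the table marks Mandatory with type "String - should be enclosed with quotes".
REQUIRED_STRINGS = ("alertName", "index", "timeField", "keywordSearch")
OPTIONAL_STRINGS = ("indexType",)


def validate_alert(alert):
    """Return a list of problems for one alert; an empty list means it passes."""
    problems = []
    if not isinstance(alert, dict):
        return ["alert must be a JSON object"]
    for key in REQUIRED_STRINGS:
        if key not in alert:
            problems.append(f"{key}: mandatory key missing")
        elif not isinstance(alert[key], str) or not alert[key].strip():
            problems.append(f"{key}: must be a non-empty string enclosed in quotes")
    for key in OPTIONAL_STRINGS:
        if key in alert and not isinstance(alert[key], str):
            problems.append(f"{key}: must be a string when present")
    window = alert.get("timeWindow")
    if not isinstance(window, dict):
        problems.append("timeWindow: mandatory object missing")
    else:
        frm = window.get("from")
        # The table wants a number written inside quotes, i.e. "2" rather than 2.
        if not (isinstance(frm, str) and frm.strip().isdigit()):
            problems.append('timeWindow.from: must be a number enclosed in quotes, e.g. "2"')
        if window.get("to") != "now":
            problems.append('timeWindow.to: non-editable, must be "now"')
    cmp_ = alert.get("compareCondition")
    if cmp_ is not None:
        if not isinstance(cmp_, dict):
            problems.append("compareCondition: must be an object")
        else:
            for key in ("term", "condition"):
                if not isinstance(cmp_.get(key), str) or not cmp_[key]:
                    problems.append(f"compareCondition.{key}: must be a non-empty string")
    return problems


def validate_file_text(text):
    """Validate a JSON document holding one alert or a list of alerts.
    Returns {position: problems} for the alerts that failed."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return {0: [f"not valid JSON: {exc.msg} at line {exc.lineno}"]}
    alerts = data if isinstance(data, list) else [data]
    return {i: p for i, a in enumerate(alerts) if (p := validate_alert(a))}


# Constructed sample file: the first alert is well-formed, the second breaks two rules.
SAMPLE = json.dumps([
    {"alertName": "Failed logins", "index": "logstash-*", "indexType": "syslog",
     "timeField": "@timestamp", "timeWindow": {"from": "2", "to": "now"},
     "keywordSearch": "login failed",
     "compareCondition": {"term": "status", "condition": ">"}},
    {"alertName": "Bad window", "index": "logstash-*", "timeField": "@timestamp",
     "timeWindow": {"from": 2, "to": "2016-06-01"}, "keywordSearch": "error"},
])

if __name__ == "__main__":
    for i, problems in validate_file_text(SAMPLE).items():
        print(f"alert #{i}:", *problems, sep="\n  ")
```

Run against the constructed sample, the first alert passes and the second is reported twice: its From value is an unquoted number and its To value is a date instead of “now”. Extending REQUIRED_STRINGS or the compareCondition check is all that is needed once the remaining rows of the table are known.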