Exemplo n.º 1
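    def handle_get(self, request, key):
        """
        Returns the JSON response for one entity, with its correlation filter added

        :param request: incoming request; not read by this method
        :param key: id of the entity to look up
        :return: the value of extract_entity_json_response(entity), updated
            with a 'correlation_filter' entry
        :raises EntityNotFoundException: when EmEntity.get(key) returns a
            falsy value
        """
        entity = EmEntity.get(key)
        if not entity:
            # Interpolate after translation so the catalogue lookup still uses
            # the template; without the % the caller would see a literal
            # '%(key)s' in the message.
            # NOTE(review): key is caller-supplied and is now echoed in the
            # error text - whatever renders or logs this message should treat
            # it as untrusted text.
            raise EntityNotFoundException(
                _('Entity with id %(key)s not found.') % {'key': key})

        correlation_filter = entity.get_correlation_filter()
        response = self.extract_entity_json_response(entity)
        response.update({'correlation_filter': serialize(correlation_filter)})
        return response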
Exemplo n.º 2
    def _add_data_from_kvstore_to_alert(self, alert_data):
        """
        Enriches the alert with the title and dimensions of its owning entity or group

        Reads 'managed_by_type', 'managed_by_id' and 'entity_title' from
        alert_data, then writes 'managed_by_value' and 'dimensions' back into
        the same mapping and returns it.
        """
        owner_type = alert_data['managed_by_type']
        owner_id = alert_data['managed_by_id']
        # Read up front even for group alerts, so a missing key fails here
        title_from_alert = alert_data['entity_title']

        is_entity_alert = owner_type == ALERT_TYPE_ENTITY
        # NOTE(review): neither lookup result is checked before it is
        # dereferenced; if get() can come back empty for a stale id this
        # raises AttributeError and the alert is not enriched - confirm.
        if is_entity_alert:
            owner = EmEntity.get(owner_id)
            label, dims = title_from_alert, owner.dimensions
        else:
            # Anything that is not an entity alert is treated as a group alert
            owner = EMGroup.get(owner_id)
            label, dims = owner.title, owner.filter.to_dict()

        alert_data['managed_by_value'] = label
        alert_data['dimensions'] = dims
        return alert_data
Exemplo n.º 3
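    def make_incident_from_alert(self, result, session_key):
        """
        Builds the VictorOps incident payload for one triggered alert result

        :param result: mapping of alert fields. 'ss_id', 'metric_name',
            'current_state', 'state_change', 'current_value', 'managed_by_id'
            and 'managed_by_type' are read with [] and raise KeyError when
            absent; the remaining fields are optional
        :param session_key: not used by this method
        :return: dict holding the display fields plus 'message_type',
            'entity_id', 'state_message' and 'entity_display_name'
        """
        incident = {}
        # name of alert triggered
        alert_name = result['ss_id']
        incident['Alert Name'] = alert_name
        # metric being alerted on
        metric_name = result['metric_name']
        incident['Metric Name'] = metric_name
        # State of metric at time of alert (info, warn or critical); reused
        # below as 'message_type'. An unmapped state raises KeyError.
        alert_state_and_incident_level = SPLUNK_ALERT_CODE_TO_VICTOROPS_INCIDENT_LEVEL[result['current_state']]
        incident['Metric State'] = alert_state_and_incident_level
        # if metric improved or degraded
        state_change = result['state_change']
        incident['Metric State Change'] = state_change

        # value of metric at time of alert, rounded to one decimal place
        metric_value = str(round(float(result['current_value']), 1))
        incident['Metric Value'] = metric_value

        # Entity and group specific information that is needed in several
        # places further down
        managed_by_id = result['managed_by_id']
        entity_title = result.get('entity_title', '')
        aggregation = result.get('aggregation_method', '').lower()
        metric_filters_incl = result.get('metric_filters_incl', '')
        metric_filters_excl = result.get('metric_filters_excl', '')
        split_by = result.get('split_by', '')
        split_by_value = result.get(split_by, '')
        # Split-by identifier dimensions gives no split_by_value but adds entity_title
        if split_by and not split_by_value:
            split_by_value = entity_title

        if metric_filters_incl:
            incident['Metric Filters (Inclusive)'] = metric_filters_incl
        if metric_filters_excl:
            incident['Metric Filters (Exclusive)'] = metric_filters_excl

        # Required field: read once and use the same value for the branch and
        # for the message text.
        managed_by_type = result['managed_by_type']

        # NOTE(review): neither lookup result is checked before it is
        # dereferenced; if get() can come back empty for a stale id this
        # raises AttributeError and no incident is built for the alert -
        # confirm and decide how that case should be reported.
        if managed_by_type == ALERT_TYPE_GROUP:
            # Alert is coming from a group
            group = EMGroup.get(managed_by_id)
            filter_dimensions_dict = group.filter.to_dict()
            title = group.title

            filter_dimensions_formatted = EMSendVictorOpsAlertAction._format_filter_dimensions(filter_dimensions_dict)
            workspace_link = self._make_workspace_url(ALERT_TYPE_GROUP, managed_by_id, alert_name)
            incident['Group Triggering Alert'] = title
            incident['Dimensions on Originating Group'] = filter_dimensions_formatted
        else:
            # Every other type is handled as an entity alert
            entity = EmEntity.get(managed_by_id)
            title = entity_title

            filter_dimensions_formatted = EMSendVictorOpsAlertAction._format_filter_dimensions(entity.dimensions)
            workspace_link = self._make_workspace_url(ALERT_TYPE_ENTITY, managed_by_id, alert_name)
            incident['Host Triggering Alert'] = entity_title
            incident['Dimensions on Originating Host'] = filter_dimensions_formatted
        incident['Link to Alert Workspace'] = workspace_link

        # Lastly, setting victorops-specific info
        # message_type tells VO whether incident is info, warn, or critical
        incident['message_type'] = alert_state_and_incident_level
        # entity_id is incident's uuid. It lets you update the incident. It has nothing to do with SII entity concept.
        incident['entity_id'] = '%s_%s' % (managed_by_id, metric_name)

        # VO uses message to populate emails, service now tickets, slack etc.
        # The fields interpolated below are copied from the alert result and
        # are not escaped here, so each of those sinks has to render the
        # message as plain text.
        #
        # A missing split_by defaults to '' and must count as "no split-by",
        # the same as the literal 'None'; otherwise the message ends in an
        # empty ", : " clause.
        if split_by and split_by != 'None':
            # Group (or entity) split-by alert
            split_by_clause = (
                ' ({aggregation}) on {managed_by_type}: {title}, {split_by}: '
                '{split_by_value}'
            ).format(
                managed_by_type=managed_by_type,
                title=title,
                split_by=split_by,
                split_by_value=split_by_value,
                aggregation=aggregation
            )
        else:
            # Entity or group aggregation alert
            split_by_clause = (
                ' ({aggregation}) on {managed_by_type}: {title}'
            ).format(
                managed_by_type=managed_by_type,
                title=title,
                aggregation=aggregation
            )

        message = '{metric_name} {state_change}s to {metric_value}{split_by_clause}'.format(
            metric_name=metric_name,
            state_change=state_change,
            metric_value=metric_value,
            split_by_clause=split_by_clause
        )
        incident['state_message'] = message
        incident['entity_display_name'] = message
        return incident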