Styjun

Fix Ethernet 10/100 PoE cable with 7 out of 8 wires alive

French license plates

Beyond Futuristic Technology for an Alien Warship?

Should I be on the paper from another PhD student that I constantly went on his meetings?

Incomplete iffalse: How to shift a scope in polar coordinate?

Are devices supposed to automatically be removed from iCloud when all content and settings are erased?

Lost passport and visa, tried to reapply, got rejected twice. What are my next steps?

What would influence an alien race to map their planet in a way other than the traditional map of the Earth

How does Monks' Improved Unarmored Movement work out of combat?

How to visualize an ordinal variable predicting a continuous outcome?

Is it possible to take a database offline when doing a backup using an SQL job?

How to stop the death waves in my city?

Do I need to use BX wire in my house?

Why isn't there armor to protect from spells in the Potterverse?

Duck, duck, gone!

My machine, client installed VPN,

Why has Speaker Pelosi been so hesitant to impeach President Trump?

If someone asks a question using “quién”, how can one shortly respond?

Realistically, how much do you need to start investing?

Is there an in-universe explanation of how Frodo's arrival in Valinor was recorded in the Red Book?

How is the Apple Watch ECG disabled in certain countries?

Is it mandatory to use contractions in tag questions and the like?

Which Catholic priests were given diplomatic missions?

Why do Russians sometimes spell "жирный" (fatty) as "жырный"?

Elastalert Rules for slack integration (message formatting and Attachments)

Slack: Retrieve all messagesAggregate values in ElastAlert rulesIs it possible not to display rule name in ElastAlert alerts?elastalert configure slack notificationSlack API - Attatchments from custom bot post as plain textmultiple queries on multiple indices and different rules in elastalertsetting 'replace_original' to false while responding to Slack message action request doesn't workElastalert rule for CPU usage in percentageSlack Interactive Messages: POST request payload has an unexpected formatHow to add Slack message button to open direct chat with a user?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

0

I'm trying to use message formatting in slack. The Elastalert Testrule.yaml file is partially being parsed. The slack alert shows up with only slack_alert_fields and alert_text fields. I want to send attachments as well in the alerts.
How to use attachments or create buttons fort slack alerts?

es_host: elasticsearch
es_port: 9200
name: Test rule Alert
type: any
index: alerts-*
filter:
- term:
 alertType.keyword: "New alert created"

alert:
- "slack"

slack_alert_fields:
- title: Network Name
 value: networkName
 short: true
- title: Alert Type
 value: alertType
 short: true
slack_actions:
- name: "network url"
 text: "Network URL"
 type: "button"
 value: networkUrl

alert_text: |
 alertData : 0

alert_text_type: alert_text_only
alert_text_args: ["alertData"]

attachments: [
 
 "fallback": "Required plain-text summary of the attachment.",
 "color": "#37964f",
 "pretext": "New alert created",

 "title": alertData.reason ,
 "fields": [
 
 "title": "Network Name",
 "value": networkName,
 "short" : true
 ,
 
 "title": "Timestamp",
 "value": timestamp,
 "short" : true
 
 ],
 "actions": [
 
 "name": "network url",
 "text": "Network URL",
 "type": "button",
 "value": networkUrl
 ,
 
 "name": "org_url",
 "text": "Organization URL",
 "type": "button",
 "value": organizationUrl

 

 ]

 
 ]


slack_webhook_url:
- "https://hooks.slack.com/xxxxxxxxxxxxxxxxxxxxxxx"

slack-api elastalert

share|improve this question

edited Mar 28 at 20:48

strongpoint

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

add a comment
 | 

0

I'm trying to use message formatting in slack. The Elastalert Testrule.yaml file is partially being parsed. The slack alert shows up with only slack_alert_fields and alert_text fields. I want to send attachments as well in the alerts.
How to use attachments or create buttons fort slack alerts?

es_host: elasticsearch
es_port: 9200
name: Test rule Alert
type: any
index: alerts-*
filter:
- term:
 alertType.keyword: "New alert created"

alert:
- "slack"

slack_alert_fields:
- title: Network Name
 value: networkName
 short: true
- title: Alert Type
 value: alertType
 short: true
slack_actions:
- name: "network url"
 text: "Network URL"
 type: "button"
 value: networkUrl

alert_text: |
 alertData : 0

alert_text_type: alert_text_only
alert_text_args: ["alertData"]

attachments: [
 
 "fallback": "Required plain-text summary of the attachment.",
 "color": "#37964f",
 "pretext": "New alert created",

 "title": alertData.reason ,
 "fields": [
 
 "title": "Network Name",
 "value": networkName,
 "short" : true
 ,
 
 "title": "Timestamp",
 "value": timestamp,
 "short" : true
 
 ],
 "actions": [
 
 "name": "network url",
 "text": "Network URL",
 "type": "button",
 "value": networkUrl
 ,
 
 "name": "org_url",
 "text": "Organization URL",
 "type": "button",
 "value": organizationUrl

 

 ]

 
 ]


slack_webhook_url:
- "https://hooks.slack.com/xxxxxxxxxxxxxxxxxxxxxxx"

slack-api elastalert

share|improve this question

edited Mar 28 at 20:48

strongpoint

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

add a comment
 | 

I'm trying to use message formatting in slack. The Elastalert Testrule.yaml file is partially being parsed. The slack alert shows up with only slack_alert_fields and alert_text fields. I want to send attachments as well in the alerts.
How to use attachments or create buttons fort slack alerts?

es_host: elasticsearch
es_port: 9200
name: Test rule Alert
type: any
index: alerts-*
filter:
- term:
 alertType.keyword: "New alert created"

alert:
- "slack"

slack_alert_fields:
- title: Network Name
 value: networkName
 short: true
- title: Alert Type
 value: alertType
 short: true
slack_actions:
- name: "network url"
 text: "Network URL"
 type: "button"
 value: networkUrl

alert_text: |
 alertData : 0

alert_text_type: alert_text_only
alert_text_args: ["alertData"]

attachments: [
 
 "fallback": "Required plain-text summary of the attachment.",
 "color": "#37964f",
 "pretext": "New alert created",

 "title": alertData.reason ,
 "fields": [
 
 "title": "Network Name",
 "value": networkName,
 "short" : true
 ,
 
 "title": "Timestamp",
 "value": timestamp,
 "short" : true
 
 ],
 "actions": [
 
 "name": "network url",
 "text": "Network URL",
 "type": "button",
 "value": networkUrl
 ,
 
 "name": "org_url",
 "text": "Organization URL",
 "type": "button",
 "value": organizationUrl

 

 ]

 
 ]


slack_webhook_url:
- "https://hooks.slack.com/xxxxxxxxxxxxxxxxxxxxxxx"

slack-api elastalert

share|improve this question

edited Mar 28 at 20:48

strongpoint

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

es_host: elasticsearch
es_port: 9200
name: Test rule Alert
type: any
index: alerts-*
filter:
- term:
 alertType.keyword: "New alert created"

alert:
- "slack"

slack_alert_fields:
- title: Network Name
 value: networkName
 short: true
- title: Alert Type
 value: alertType
 short: true
slack_actions:
- name: "network url"
 text: "Network URL"
 type: "button"
 value: networkUrl

alert_text: |
 alertData : 0

alert_text_type: alert_text_only
alert_text_args: ["alertData"]

attachments: [
 
 "fallback": "Required plain-text summary of the attachment.",
 "color": "#37964f",
 "pretext": "New alert created",

 "title": alertData.reason ,
 "fields": [
 
 "title": "Network Name",
 "value": networkName,
 "short" : true
 ,
 
 "title": "Timestamp",
 "value": timestamp,
 "short" : true
 
 ],
 "actions": [
 
 "name": "network url",
 "text": "Network URL",
 "type": "button",
 "value": networkUrl
 ,
 
 "name": "org_url",
 "text": "Organization URL",
 "type": "button",
 "value": organizationUrl

 

 ]

 
 ]


slack_webhook_url:
- "https://hooks.slack.com/xxxxxxxxxxxxxxxxxxxxxxx"

share|improve this question

edited Mar 28 at 20:48

strongpoint

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

share|improve this question

edited Mar 28 at 20:48

strongpoint

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

asked Mar 28 at 19:44

strongpointstrongpoint

1955 bronze badges

1 Answer
1

active

oldest

votes

0

Looking at the official documentation it appears that Elastalert does not support adding custom Slack attachments for alerts, because there is no property for it in the documentation.

In fact it seams that alerts are already formatted as attachment, which is why you can set a title and a title-URL. And also define additional "fields". Something that you can only do with attachments in Slack.

This also means that you can not specify buttons for your alerts (which are a special kind of attachments in Slack).

If you need this functionality I would suggest contacting the developer of Elastalert.

share|improve this answer

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges

add a comment
 | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55405733%2felastalert-rules-for-slack-integration-message-formatting-and-attachments%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

Looking at the official documentation it appears that Elastalert does not support adding custom Slack attachments for alerts, because there is no property for it in the documentation.

In fact it seams that alerts are already formatted as attachment, which is why you can set a title and a title-URL. And also define additional "fields". Something that you can only do with attachments in Slack.

This also means that you can not specify buttons for your alerts (which are a special kind of attachments in Slack).

If you need this functionality I would suggest contacting the developer of Elastalert.

share|improve this answer

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges

add a comment
 | 

0

Looking at the official documentation it appears that Elastalert does not support adding custom Slack attachments for alerts, because there is no property for it in the documentation.

In fact it seams that alerts are already formatted as attachment, which is why you can set a title and a title-URL. And also define additional "fields". Something that you can only do with attachments in Slack.

This also means that you can not specify buttons for your alerts (which are a special kind of attachments in Slack).

If you need this functionality I would suggest contacting the developer of Elastalert.

share|improve this answer

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges

add a comment
 | 

Looking at the official documentation it appears that Elastalert does not support adding custom Slack attachments for alerts, because there is no property for it in the documentation.

In fact it seams that alerts are already formatted as attachment, which is why you can set a title and a title-URL. And also define additional "fields". Something that you can only do with attachments in Slack.

This also means that you can not specify buttons for your alerts (which are a special kind of attachments in Slack).

If you need this functionality I would suggest contacting the developer of Elastalert.

share|improve this answer

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges

share|improve this answer

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges

answered Mar 28 at 20:53

Erik KalkokenErik Kalkoken

17.2k33 gold badges3131 silver badges5555 bronze badges