Trigger Notifications & Alerts

Trigger Notifications

Overview

Trigger notifications let you set powerful triggers on any of your data that drive an action.

  1. Click on any settings on the left hand menu. Click Alerts --> Trigger Notifications.
  2. Choose the dataset you want to alert on. A dataset is typically a query you've defined previously.
  3. Enter Cloud9QL for the alert condition. A trigger email or a trigger webhook can be generated as the action driven by the alert.

Example:

Assume a simple dataset contains a timestamp and some value. Let's say that you'd like to generate an alert when the 3 period moving average is under a threshold.

select sma(val,3) as moving average, timestamp order by timestamp desc limit 1;
select * where moving average < 2

The first statement above determines the 3 period moving average for the last data point. Its result is then passed into the second statement, which evaluates it against a threshold of 2.

An action (email/webhooks) can be configured to run when the condition is met; it will include the results of the queries.

You also have the option to set "Skip Alert if data is same as last alert". When set, if the alert data (the results after Cloud9QL) is the same as it was the last time the alert was triggered, the action will not be triggered. This is useful for avoiding repetitive alerts.

Alert Frequency dictates how often the alert check is run.

The "Enable realtime" option underneath lets you trigger the alert every time the dataset is updated; hence it can only be used with non-direct datasets.

A separate dataset can be sent for a trigger condition using the 'Attach additional results' option. This lets you attach a separate dataset, with associated Cloud9QL to optionally manipulate the results, to the notification.

Actions - Email

To send an email when the alert is triggered, check the Send Email checkbox in the Alert Actions section. To send to multiple recipients, add comma-separated email addresses.

The email template contains the text which will be the body of the mail. This text can contain the following tags:

For the email conditional alert you have the following options:

You can select none, one, or both options. If both options are selected, both CSV files will be attached to the mail.

Actions - Webhooks

Webhooks allow you to trigger actions in your application for a given condition triggered by an alert. When the condition is triggered, we'll send a POST request with a JSON payload of the data, which you can use to drive actions within your application (or third-party applications).

To turn this on, check the Webhook checkbox on the alert configuration screen. There you will see a drop-down list of the available Webhooks you've configured previously. To create a new webhook, click on "Add Webhook".

The data in the POST will be a JSON-formatted dataset: either the full raw dataset for which the alert is generated, or the dataset after the Cloud9QL that triggered the alert. Additionally, you can use Cloud9QL to make any adjustments to the data before posting.

For the basic scenario you need only the URL of the remote endpoint, for example: https://somehost.com/someEndpoint.

In cases where you need to call an authentication endpoint first to obtain a token, which is then passed into the actual POST request, use the Authentication URL along with any Authentication headers. This will invoke a separate POST call to obtain an auth token first, which can subsequently be passed as a token in the Headers section:

Example: Authorization: Bearer {access_token}

If you want to post-process the data returned by the alert before sending it as a POST, fill in the "Cloud9QL filter before POST" field. For example, suppose you have a dataset of users and an alert Cloud9QL query that selects users with a cart item count of more than 2:

select * where cart_items > 2;

If you want to push the full result of the alert Cloud9QL above to the Webhook as a POST, leave "Cloud9QL filter before POST" empty. If you want to filter it before sending it as a POST, fill it in. For example, to take the subset of users with more than 2 cart items and POST only the users with age greater than 20, ordered by age descending and limited to the first 10, fill in this "Cloud9QL filter before POST":

select * where age > 20 order by age desc limit 10;

Data sent will be in JSON array form. Example:

 [
    {
        "a":1,
        "b":2
    },
    {
        "x":100,
        "y":101
    }
 ]
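
A receiving endpoint for the alert POST described above, as an added example (not Knowi's code): it checks the `Authorization: Bearer` header set in the webhook's Headers section, caps the body size, and accepts only the JSON-array-of-objects shape shown. The token value, size cap, port, status codes and the names `validate_alert_post` and `AlertHandler` are assumptions.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 1_000_000  # assumed cap in bytes; size it to your largest expected dataset
EXPECTED_TOKEN = "constructed-example-token"  # placeholder; load from a secret store


def validate_alert_post(headers, body, expected_token=EXPECTED_TOKEN):
    """Return (http_status, rows) for one alert POST; rows is [] unless status is 200."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    # Constant-time compare so the check does not leak how much of the token matched.
    token_ok = hmac.compare_digest(token.encode(), expected_token.encode())
    if scheme != "Bearer" or not token_ok:
        return 401, []
    if len(body) > MAX_BODY:
        return 413, []
    try:
        data = json.loads(body.decode("utf-8"))
    except ValueError:  # covers both invalid UTF-8 and invalid JSON
        return 400, []
    # The payload is documented as a JSON array of objects; reject any other shape.
    if not isinstance(data, list) or not all(isinstance(r, dict) for r in data):
        return 422, []
    return 200, data


class AlertHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:  # refuse before reading an oversized body
            self.send_response(413)
            self.end_headers()
            return
        status, rows = validate_alert_post(self.headers, self.rfile.read(length))
        if status == 200:
            self.log_message("alert accepted: %d row(s)", len(rows))
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Loopback only; terminate TLS in front of this (e.g. a reverse proxy) for real use.
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

Rows returned with status 200 are still untrusted input: validate field names and types before they drive any action in your application.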

Actions - Slack

Slack integration allows you to trigger actions in your Slack channel(s) for a given condition triggered by an alert. When the condition is triggered, we'll send a message to the predefined channel(s), including an attachment of the full data or the conditional data, depending on the options selected.

To turn this on, check the Slack checkbox on the alert configuration screen. There you will see a drop-down list of the available Slack integrations you've configured previously. To create a new Slack integration, click on "Add Slack".

The data in the Slack channel(s) will include the default notification message, unless you specify one explicitly in the "Slack Message" text box, and the formatted dataset: either the full raw dataset for which the alert is generated, or the dataset after the Cloud9QL that triggered the alert. Additionally, you can use Cloud9QL to make any adjustments to the data before posting.

Dataset DATASET_NAME has not been updated since LAST_MODIFY_DATE;   <- for Dataset not updated alerts
Knowi Trigger Notification;                                         <- for Trigger notification alerts

For the basic scenario you need to go through the Slack authentication flow to install the application with access to read the workspace channels, post messages and upload files on behalf of a bot user. After you authenticate successfully, we store a dedicated token, which is used from then on until you uninstall the application or the token is revoked, at which point you will have to go through the same flow again.

As soon as authentication is completed, the application is installed and you can select the channel(s) to post to from the "Slack Channels" list and name the integration. This is the bare minimum to get started.

Additionally, the following options can be included for Slack-based alerts:

Dataset Update Alerts

For datasets that use the ElasticStore to track results, use Data Update Alerts to raise alerts when the data is not updated within an expected interval. This is available under Settings --> Alerts --> Add Data Update Alerts.

Cloud9 Agent Alerts

If you are using Cloud9 Agents inside your infrastructure, you can configure alerts to be sent when the agent is no longer active. Available under the Agents listing page: Agent alerts