Class: Splunk::Pickaxe::Alerts

Inherits:
Objects
  • Object
Defined in:
lib/splunk/pickaxe/objects/alerts.rb

Instance Attribute Summary

Attributes inherited from Objects

#environment, #pickaxe_config, #service

Instance Method Summary collapse

Methods inherited from Objects

#config, #create, #entity_file_extensions, #entity_file_name, #find, #initialize, #needs_update?, #save, #save_config, #skip?, #sync, #update

Constructor Details

This class inherits a constructor from Splunk::Pickaxe::Objects

Instance Method Details

#alert_defaultsObject



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 42

# Builds the baseline saved-search settings for an alert: an hourly scheduled
# search that emails its results when it matches at least one event.
#
# A new Hash is assembled on every call, so a caller may mutate the result
# (splunk_config merges per-alert overrides into it in place).
#
# Review notes:
# - 'action.email.sendresults' and 'action.email.inline' place the matching
#   search results in the message body, so every address in
#   pickaxe_config.emails receives that data. Treat the recipient list as an
#   access list for whatever the alert searches can return.
# - 'alert.suppress' => '0' disables throttling; with the hourly schedule a
#   search that keeps matching presumably emails on every run -- confirm this
#   is the intended volume.
#
# @return [Hash{String => String}] default alert settings keyed by Splunk
#   saved-search setting name
def alert_defaults
  # Who to email
  defaults = { 'action.email.to' => pickaxe_config.emails.join(',') }

  sections = [
    # How often to run alert (every hour)
    { 'cron_schedule' => '0 * * * *', 'is_scheduled' => '1' },

    # Email subject
    {
      'action.email.subject' => 'Splunk Alert: $name$',
      'action.email.subject.alert' => 'Splunk Alert: $name$'
    },

    # Email result formatting (inline results, table format, include alert link)
    {
      'action.email.format' => 'table',
      'action.email.inline' => '1',
      'action.email.include.view_link' => '1'
    },

    # Is an email alert
    { 'actions' => 'email', 'action.email.sendresults' => '1' },

    # Alert severity (High)
    { 'alert.severity' => '4' },

    # When to trigger alert
    {
      'alert_type' => 'number of events',
      'alert_comparator' => 'greater than',
      'alert_threshold' => '0'
    },

    # The time bounds for alert search
    { 'dispatch.earliest_time' => '-1h', 'dispatch.latest_time' => 'now' },

    # Track alerts
    { 'alert.track' => '1' },

    # Don't suppress any alerts
    { 'alert.suppress' => '0' }
  ]

  # update keeps insertion order, so keys come out in the order listed above.
  sections.each { |section| defaults.update(section) }
  defaults
end

#entity_dirObject



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 16

# Directory segment under the execution path where alert definition files
# live. entity_file_path joins it between the execution path and the file name.
#
# @return [Object] the DIR constant (defined outside this listing)
def entity_dir
  DIR
end

#entity_file_path(splunk_entity) ⇒ Object



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 20

# Builds the on-disk path of the definition file for a Splunk entity:
# <execution_path>/<entity_dir>/<entity_file_name>.
#
# NOTE(review): entity_file_name is inherited from Objects and not visible
# here. The path is joined without normalisation, so confirm that helper
# strips path separators and '..' from the entity's name; otherwise a name
# read back from Splunk could place the file outside entity_dir.
#
# @param splunk_entity [Object] entity passed through to entity_file_name
# @return [String] joined file path
def entity_file_path(splunk_entity)
  base_dir = pickaxe_config.execution_path
  sub_dir = entity_dir
  file_name = entity_file_name(splunk_entity)

  File.join(base_dir, sub_dir, file_name)
end

#name(entity) ⇒ Object



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 27

# Display name for an alert: the entity's 'name' value followed by the
# capitalised environment in square brackets, e.g. "Disk full [Prod]".
# Embedding the environment keeps the names of the same alert distinct
# across environments.
#
# @param entity [#[]] alert definition; only its 'name' entry is read
# @return [String] name with the environment suffix
def name(entity)
  base_name = entity['name']
  env_label = environment.capitalize

  "#{base_name} [#{env_label}]"
end

#splunk_config(entity_yaml) ⇒ Object



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 32

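# Builds the settings for one alert: the values from alert_defaults with the
# entity's own 'config' section applied on top.
#
# Every key in the 'config' section replaces the default of the same name.
# That includes the recipients ('action.email.to') and 'alert.suppress', so a
# change to an alert definition file can redirect or silence an alert and
# deserves the same review as a code change.
#
# An entity without a 'config' section (missing key or explicit nil) is
# treated as having no overrides; previously this raised TypeError from
# Hash#merge!.
#
# @param entity_yaml [Hash] parsed alert definition
# @return [Hash] defaults merged with the entity's overrides
def splunk_config(entity_yaml)
  # A missing or empty 'config' section means "defaults only".
  overrides = entity_yaml['config'] || {}

  # alert_defaults builds a new Hash per call, so merging in place is safe.
  alert_defaults.merge!(overrides)
end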

#splunk_entity_keysObject



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 84

# Returns the Splunk::Pickaxe::ALERT_KEYS constant.
#
# NOTE(review): the constant is defined outside this listing; presumably it
# lists the saved-search settings that Objects reads back from Splunk when
# saving or comparing an alert -- confirm against its definition.
#
# @return [Object] Splunk::Pickaxe::ALERT_KEYS
def splunk_entity_keys
  Splunk::Pickaxe::ALERT_KEYS
end

#splunk_resourceObject



# File 'lib/splunk/pickaxe/objects/alerts.rb', line 12

# Identifies the Splunk resource this class manages as the two-element
# list ["saved", "searches"].
#
# NOTE(review): presumably these are the path segments of the saved-searches
# REST collection used by Objects -- confirm against the caller.
#
# @return [Array<String>] ["saved", "searches"]
def splunk_resource
  %w[saved searches]
end