class Splunk::Pickaxe::Alerts
Public Instance Methods
alert_defaults()
# File lib/splunk/pickaxe/objects/alerts.rb, line 46
# Baseline settings applied to every alert before per-alert overrides.
#
# Reads the recipient list from pickaxe_config.emails; every other value is
# a fixed string. A fresh Hash is built on each call.
#
# @return [Hash] setting name => default value
def alert_defaults
  # Recipients are sent as a single comma-separated string.
  recipients = pickaxe_config.emails.join(',')

  {
    # Append the environment name to the alert name (see #name)
    'pickaxe.environment.in.name' => true,

    # Email recipients
    'action.email.to' => recipients,

    # Schedule: at minute 0 of every hour
    'cron_schedule' => '0 * * * *',
    'is_scheduled' => '1',

    # Subject line for the notification email
    'action.email.subject' => 'Splunk Alert: $name$',
    'action.email.subject.alert' => 'Splunk Alert: $name$',

    # Email body: results inline, as a table, with a link back to the alert
    'action.email.format' => 'table',
    'action.email.inline' => '1',
    'action.email.include.view_link' => '1',

    # Email is the only action, and it carries the search results
    'actions' => 'email',
    'action.email.sendresults' => '1',

    # Severity (High)
    'alert.severity' => '4',

    # Fire when the search returns more than zero events
    'alert_type' => 'number of events',
    'alert_comparator' => 'greater than',
    'alert_threshold' => '0',

    # Search window: the last hour, i.e. exactly one cron interval.
    # NOTE(review): with no overlap between runs, events indexed after their
    # hour was searched would not be seen - confirm this is acceptable.
    'dispatch.earliest_time' => '-1h',
    'dispatch.latest_time' => 'now',

    # Keep a record of triggered alerts
    'alert.track' => '1',

    # No suppression: every triggering run sends a notification
    'alert.suppress' => '0'
  }
end
entity_dir()
# File lib/splunk/pickaxe/objects/alerts.rb, line 16
# Directory component for alert definition files, taken from the DIR
# constant. It is joined under the execution path by #entity_file_path.
#
# @return the value of DIR
def entity_dir
  DIR
end
entity_file_path(splunk_entity)
# File lib/splunk/pickaxe/objects/alerts.rb, line 20
# Builds the on-disk path for one alert definition:
# <execution_path>/<entity_dir>/<entity_file_name>.
#
# NOTE(review): entity_file_name is not shown here. If it derives the name
# from entity data, confirm it cannot yield path separators or "..", since
# File.join does not normalise them.
#
# @param splunk_entity the entity passed through to entity_file_name
# @return [String] the joined path
def entity_file_path(splunk_entity)
  segments = [
    pickaxe_config.execution_path,
    entity_dir,
    entity_file_name(splunk_entity)
  ]
  File.join(*segments)
end
name(entity)
# File lib/splunk/pickaxe/objects/alerts.rb, line 27
# Resolves the display name of an alert.
#
# When the merged config has a truthy 'pickaxe.environment.in.name', the
# capitalized environment name is appended in square brackets; otherwise
# the entity's own 'name' is returned untouched.
#
# @param entity the alert definition; read via ['name'] and #splunk_config
# @return the alert name, with or without the environment suffix
def name(entity)
  env_in_name = splunk_config(entity)['pickaxe.environment.in.name']
  return entity['name'] unless env_in_name

  "#{entity['name']} [#{environment.capitalize}]"
end
splunk_config(entity_yaml)
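# File lib/splunk/pickaxe/objects/alerts.rb, line 36
# Builds the effective settings for one alert: the values from
# #alert_defaults, overridden key by key with the entity's 'config' section.
#
# Any default can be overridden this way, including recipients, severity
# and suppression, so the YAML is the place to review an alert's final
# behaviour.
#
# An entity without a 'config' section gets the defaults unchanged. The
# previous code passed nil to merge!, which raised a TypeError.
#
# @param entity_yaml the parsed alert definition; only ['config'] is read
# @return [Hash] defaults merged with the entity's overrides
def splunk_config(entity_yaml)
  overrides = entity_yaml['config'] || {}

  # alert_defaults is merged in place and returned
  alert_defaults.merge!(overrides)
end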
splunk_entity_keys()
# File lib/splunk/pickaxe/objects/alerts.rb, line 91
# Returns the Splunk::Pickaxe::ALERT_KEYS constant, which is defined
# outside this class.
#
# @return the value of Splunk::Pickaxe::ALERT_KEYS
def splunk_entity_keys
  Splunk::Pickaxe::ALERT_KEYS
end
splunk_resource()
# File lib/splunk/pickaxe/objects/alerts.rb, line 12
# The resource path components for this entity type: "saved" and
# "searches".
#
# @return [Array<String>] the two path components, in order
def splunk_resource
  ['saved', 'searches']
end