class Splunk::Pickaxe::Alerts

Public Instance Methods

alert_defaults()
# File lib/splunk/pickaxe/objects/alerts.rb, line 46
def alert_defaults
  # Baseline settings applied to every alert. splunk_config merges the
  # per-alert YAML `config` section over this hash, so any key here can be
  # overridden by an individual alert definition.
  defaults = {}

  # Naming: by default the environment name is included in the alert name
  defaults.update('pickaxe.environment.in.name' => true)

  # Recipients: all addresses from the pickaxe config, comma separated
  defaults.update('action.email.to' => pickaxe_config.emails.join(','))

  # Schedule: run at minute 0 of every hour
  defaults.update(
    'cron_schedule' => '0 * * * *',
    'is_scheduled' => '1'
  )

  # Email subject ($name$ is left as-is here, not interpolated by Ruby)
  defaults.update(
    'action.email.subject' => 'Splunk Alert: $name$',
    'action.email.subject.alert' => 'Splunk Alert: $name$'
  )

  # Email body: inline results in table format, with a link to the alert
  defaults.update(
    'action.email.format' => 'table',
    'action.email.inline' => '1',
    'action.email.include.view_link' => '1'
  )

  # The only action is email, and the search results are sent with it
  defaults.update(
    'actions' => 'email',
    'action.email.sendresults' => '1'
  )

  # Alert severity (High)
  defaults.update('alert.severity' => '4')

  # Trigger condition: more than zero matching events
  defaults.update(
    'alert_type' => 'number of events',
    'alert_comparator' => 'greater than',
    'alert_threshold' => '0'
  )

  # Search window: the last hour up to now.
  # NOTE(review): the window is the same length as the hourly schedule and
  # ends at 'now', so events that are indexed late may fall between two
  # runs - confirm that is acceptable for each alert.
  defaults.update(
    'dispatch.earliest_time' => '-1h',
    'dispatch.latest_time' => 'now'
  )

  # Track triggered alerts
  defaults.update('alert.track' => '1')

  # Don't suppress any alerts
  defaults.update('alert.suppress' => '0')

  defaults
end
entity_dir()
# File lib/splunk/pickaxe/objects/alerts.rb, line 16
def entity_dir
  # Directory segment for this object type's entity files; entity_file_path
  # joins it onto the pickaxe execution path. The value of DIR is defined
  # outside this listing.
  DIR
end
entity_file_path(splunk_entity)
# File lib/splunk/pickaxe/objects/alerts.rb, line 20
def entity_file_path(splunk_entity)
  # Build <execution_path>/<entity_dir>/<entity file name> for the entity.
  # NOTE(review): entity_file_name is defined outside this listing; confirm
  # it cannot return path separators or '..' for an entity, otherwise the
  # joined path can resolve outside entity_dir.
  segments = [
    pickaxe_config.execution_path,
    entity_dir,
    entity_file_name(splunk_entity)
  ]
  File.join(*segments)
end
name(entity)
# File lib/splunk/pickaxe/objects/alerts.rb, line 27
def name(entity)
  # The merged config (defaults plus the entity's own overrides) decides
  # whether the environment name is appended to the alert name.
  with_environment = splunk_config(entity)['pickaxe.environment.in.name']

  # String#capitalize upcases the first character and downcases the rest
  # (assumes environment is a String - TODO confirm).
  with_environment ? "#{entity['name']} [#{environment.capitalize}]" : entity['name']
end
splunk_config(entity_yaml)
# File lib/splunk/pickaxe/objects/alerts.rb, line 36
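def splunk_config(entity_yaml)
  # Start from alert_defaults and let the alert's own YAML `config` section
  # override them key by key. Every default can be overridden this way,
  # including the recipients ('action.email.to') and 'alert.suppress', so
  # alert YAML changes deserve the same review as code changes.
  #
  # A missing or empty `config` section reads as nil; treat it as "no
  # overrides" instead of letting the merge raise TypeError.
  overrides = entity_yaml['config'] || {}

  alert_defaults.merge(overrides)
end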
splunk_entity_keys()
# File lib/splunk/pickaxe/objects/alerts.rb, line 91
def splunk_entity_keys
  # Key list for alert entities; the contents of ALERT_KEYS are defined
  # outside this listing.
  Splunk::Pickaxe::ALERT_KEYS
end
splunk_resource()
# File lib/splunk/pickaxe/objects/alerts.rb, line 12
def splunk_resource
  # Resource path segments for alerts, which Splunk stores as saved searches
  # (presumably joined into the collection path by the caller - confirm).
  ['saved', 'searches']
end