This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: rule engine (do not merge) (#620)
Co-authored-by: Tal Borenstein <[email protected]>
Showing 30 changed files with 4,222 additions and 1,826 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
title: "Alert grouping" | ||
--- | ||
|
||
The Keep Rule Engine is a versatile tool for grouping and consolidating alerts. | ||
This guide explains the core concepts, usage, and best practices for effectively utilizing the rule engine. | ||
|
||
<Note>Access the Rule Engine UI through the Keep platform by navigating to the Rule Builder section.</Note> | ||
|
||
## Core Concepts | ||
- **Rule definition**: A rule in Keep is a set of conditions that, when met, creates an alert group. | ||
- **Alert attributes**: These are characteristics or data points of an alert, such as source, severity, or any attribute an alert might have. | ||
- **Conditions and logic**: Rules are built by defining conditions based on alert attributes, using logical operators (like AND/OR) to combine multiple conditions. | ||
|
||
## Creating Rules | ||
Creating a rule involves defining the conditions under which an alert should be categorized or actions should be grouped. | ||
|
||
1. **Accessing the Rule Engine**: Navigate to the Rule Engine section in the Keep platform. | ||
2. **Defining rule criteria**: | ||
- **Name the rule**: Assign a descriptive name that reflects its purpose. | ||
- **Set conditions**: Use alert attributes to create conditions. For example, a rule might specify that an alert with a severity of 'critical' and a source of 'Prometheus' should be categorized as 'High Priority'. | ||
- **Logical grouping**: Combine conditions using logical operators to form comprehensive rules. | ||
|
||
## Examples | ||
- **Metric-based alerts**: Construct a rule to pinpoint alerts associated with specific metrics, such as high CPU usage on servers. This can be achieved by grouping alerts that share a common attribute, like a 'CPU usage' tag, ensuring you quickly identify and address performance issues. | ||
- **Feature-related alerts**: Establish rules to organize alerts by specific features or services. For instance, you can group alerts based on a 'service' or 'URL' tag. This approach is particularly useful for tracking and managing alerts related to distinct functionalities or components within your application. | ||
- **Team-based alert management**: Implement rules to categorize alerts according to team responsibilities. This might involve grouping alerts based on the systems or services a particular team oversees. Such a strategy ensures that alerts are promptly directed to the appropriate team, enhancing response times and efficiency. |
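Review bot: the navigation instructions in this file disagree with each other: the `<Note>` sends the reader to the "Rule Builder section" while step 1 under Creating Rules says "Navigate to the Rule Engine section"; pick one name and use it in both places. The page also never shows what a rule actually looks like, only prose about conditions, so the "Set conditions" bullet (`severity of 'critical' and a source of 'Prometheus' should be categorized as 'High Priority'`) reads as classification rather than the grouping the title promises; one concrete rule definition in the engine's own syntax under Examples would let a reader check the Core Concepts bullets against something real.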
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
# if no acknowledgement has been recieved (updated in index) for x (from config index) time, i want to escalate it to next level of people | ||
workflow: | ||
id: elastic-enrich | ||
description: escalate-if-needed | ||
triggers: | ||
# run every minute | ||
- type: interval | ||
value: 1m | ||
steps: | ||
# first, query the ack index to check if there are any alerts that have not been acknowledged | ||
- name: query-ack-index | ||
type: elastic | ||
config: " {{ providers.elastic }} " | ||
with: | ||
index: your_ack_index | ||
query: | | ||
{ | ||
"query": { | ||
"bool": { | ||
"must": [ | ||
{ | ||
"match": { | ||
"acknowledged": false | ||
} | ||
} | ||
] | ||
} | ||
} | ||
} | ||
- name: query-config-index | ||
type: elastic | ||
config: " {{ providers.elastic }} " | ||
with: | ||
index: your_config_index | ||
query: | | ||
{ | ||
"query": { | ||
"bool": { | ||
"must": [ | ||
{ | ||
"match": { | ||
"config": true | ||
} | ||
} | ||
] | ||
} | ||
} | ||
} | ||
- name: query-people-index | ||
type: elastic | ||
config: " {{ providers.elastic }} " | ||
with: | ||
index: your_people_index | ||
query: | | ||
{ | ||
"query": { | ||
"bool": { | ||
"must": [ | ||
{ | ||
"match": { | ||
"people": true | ||
} | ||
} | ||
] | ||
} | ||
} | ||
} | ||
# now, we have the results from the ack index, config index, and people index | ||
actions: | ||
- name: escalate-if-needed | ||
# if there are any alerts that have not been acknowledged | ||
if: "{{ query-ack-index.hits.total.value }} > 0" | ||
provider: | ||
type: slack # or email or whatever you want | ||
config: " {{ providers.slack }} " | ||
with: | ||
message: | | ||
"A unacknowledged alert has been found: {{ query-ack-index.hits.hits }} {{ query-config-index.hits.hits }} {{ query-people-index.hits.hits }}" |
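Review bot: the workflow does not implement the escalation its header comment describes. The comment wants alerts escalated when no acknowledgement has arrived for "x (from config index) time", but `query-ack-index` only matches `"acknowledged": false` with no `range` clause on a timestamp, and the `query-config-index` and `query-people-index` results are never used to choose a level: all three result sets are simply interpolated into the Slack message. Either add the time window to the ack query and a step that derives the target people from the config result, or rewrite the comment to match what the example actually does. Interpolating `{{ query-people-index.hits.hits }}` and `{{ query-config-index.hits.hits }}` also posts the full `_source` of every people and config document into the channel; restrict the queries with `_source` includes so only the fields the message needs leave Elasticsearch. Minor: `id: elastic-enrich` does not describe an escalation workflow, "recieved" in the first comment should be "received", and "A unacknowledged alert" should be "An unacknowledged alert".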
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import { Title, Subtitle } from "@tremor/react"; | ||
|
||
export default function Layout({ children }: { children: any }) { | ||
return ( | ||
<> | ||
<main className="p-4 md:p-10 mx-auto max-w-full"> | ||
<Title>Alert Groups</Title> | ||
<Subtitle> | ||
Group multiple alerts into single alert | ||
</Subtitle> | ||
{children} | ||
</main> | ||
</> | ||
); | ||
} |
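Review bot: `children: any` in the `Layout` props type throws away the type checking the rest of the file gets; use `children: React.ReactNode` (importing `ReactNode` from `react`). The `<>...</>` fragment around the single `<main>` element is redundant and can be dropped, and the subtitle should read "Group multiple alerts into a single alert".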
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
import RulesPage from "./rules.client"; | ||
|
||
|
||
export default function Page() { | ||
return <RulesPage />; | ||
} | ||
|
||
export const metadata = { | ||
title: "Keep - Rules", | ||
description: "Create Keep Rules.", | ||
}; |
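Review bot: this file has no `"use client"` directive, and that is what makes the `metadata` export work: Next.js only reads `metadata` from a Server Component, so if someone later adds the directive here because `RulesPage` is imported from `rules.client`, the title and description will silently stop being applied. A one-line comment above the export saying the page must stay a Server Component would prevent that. Also drop the doubled blank line between the import and `Page`.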
46aa3a7
Successfully deployed to the following URLs:
- keep – ./
- keep-eight.vercel.app
- keep-keephq.vercel.app
- platform.keephq.dev
- keep-git-main-keephq.vercel.app