Skip to content

Commit

Permalink
feat(api): kibana 8.16.0 (#3242)
Browse files Browse the repository at this point in the history
  • Loading branch information
@shahargl
shahargl authored Jan 30, 2025
1 parent 83022a2 commit 418d0e6
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 38 deletions.
86 changes: 49 additions & 37 deletions keep/providers/kibana_provider/kibana_provider.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import dataclasses
import datetime
import json
import logging
import uuid
from typing import Literal, Union
from urllib.parse import urlparse
Expand Down Expand Up @@ -59,35 +60,11 @@ class KibanaProvider(BaseProvider):
DEFAULT_TIMEOUT = 10
WEBHOOK_PAYLOAD = json.dumps(
{
"actionGroup": "{{alert.actionGroup}}",
"status": "{{alert.actionGroupName}}",
"actionSubgroup": "{{alert.actionSubgroup}}",
"isFlapping": "{{alert.flapping}}",
"id": "{{alert.id}}",
"fingerprint": "{{alert.id}}",
"url": "{{context.alertDetailsUrl}}",
"context.message": "{{context.message}}",
"context.hits": "{{context.hits}}",
"context.link": "{{context.link}}",
"context.query": "{{context.query}}",
"context.title": "{{context.title}}",
"context.cloud": "{{context.cloud}}",
"context.container": "{{context.container}}",
"context.group": "{{context.group}}",
"context.host": "{{context.host}}",
"context.labels": "{{context.labels}}",
"context.orchestrator": "{{context.orchestrator}}",
"description": "{{context.reason}}",
"contextTags": "{{context.tags}}",
"context.timestamp": "{{context.timestamp}}",
"context.value": "{{context.value}}",
"lastReceived": "{{date}}",
"ruleId": "{{rule.id}}",
"rule.spaceId": "{{rule.spaceId}}",
"ruleUrl": "{{rule.url}}",
"ruleTags": "{{rule.tags}}",
"name": "{{rule.name}}",
"rule.type": "{{rule.type}}",
"webhook_body": {
"context_info": "{{#context}}{{.}}{{/context}}",
"alert_info": "{{#alert}}{{.}}{{/alert}}",
"rule_info": "{{#rule}}{{.}}{{/rule}}",
}
}
)

Expand Down Expand Up @@ -567,48 +544,83 @@ def _format_alert(
event: dict, provider_instance: "BaseProvider" = None
) -> AlertDto | list[AlertDto]:
"""
Formats an alert from Kibana to a standard format.
Formats an alert from Kibana to a standard format, supporting both old and new webhook formats.
Args:
event (dict): The event from Kibana
event (dict): The event from Kibana, either in legacy or new webhook format
provider_instance: The provider instance (optional)
Returns:
AlertDto | list[AlertDto]: The alert in a standard format
"""

# If this is coming from Kibana Watcher
logger = logging.getLogger(__name__)
if "payload" in event:
return KibanaProvider.format_alert_from_watcher(event)

# Check if this is the new webhook format
# New Kibana webhook format
if "webhook_body" in event:
# Parse the JSON strings from the new format
try:
context_info = json.loads(event["webhook_body"]["context_info"])
alert_info = json.loads(event["webhook_body"]["alert_info"])
rule_info = json.loads(event["webhook_body"]["rule_info"])

# Construct event dict in old format for compatibility
event = {
"actionGroup": alert_info.get("actionGroup"),
"status": alert_info.get("actionGroupName"),
"actionSubgroup": alert_info.get("actionSubgroup"),
"isFlapping": alert_info.get("flapping"),
"kibana_alert_id": alert_info.get("id"),
"fingerprint": alert_info.get("uuid"),
"url": context_info.get("alertDetailsUrl"),
"context.message": context_info.get("message"),
"context.hits": context_info.get("matchingDocuments"),
"context.link": context_info.get("viewInAppUrl"),
"context.query": rule_info.get("params", {}).get("criteria"),
"context.title": rule_info.get("name"),
"description": context_info.get("reason"),
"lastReceived": context_info.get("timestamp"),
"ruleId": rule_info.get("id"),
"rule.spaceId": rule_info.get("spaceId"),
"ruleUrl": rule_info.get("url"),
"ruleTags": rule_info.get("tags", []),
"name": rule_info.get("name"),
"rule.type": rule_info.get("type"),
}
except json.JSONDecodeError as e:
logger.error(f"Error parsing new webhook format: {e}")
# Fall through to process as old format

# Process tags and labels (works for both old and new formats)
labels = {}
tags = event.get("ruleTags", [])
for tag in tags:
# if the tag is a key=value pair
if "=" in tag:
key, value = tag.split("=", 1)
labels[key] = value

# same with contextTags
context_tags = event.get("contextTags", [])
for tag in context_tags:
# if the tag is a key=value pair
if "=" in tag:
key, value = tag.split("=", 1)
labels[key] = value

environment = labels.get("environment", "undefined")

# format status and severity to Keep format
# Format status and severity
event["status"] = KibanaProvider.STATUS_MAP.get(
event.get("status"), AlertStatus.FIRING
)
event["severity"] = KibanaProvider.SEVERITIES_MAP.get(
event.get("severity"), AlertSeverity.INFO
)

# Handle URL fallback
if not event.get("url"):
event["url"] = event.get("ruleUrl")
# if still no url, popt it
if not event.get("url"):
event.pop("url", None)

Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[tool.poetry]
name = "keep"
version = "0.35.7"
version = "0.35.8"
description = "Alerting. for developers, by developers."
authors = ["Keep Alerting LTD"]
packages = [{include = "keep"}]
Expand Down

0 comments on commit 418d0e6

Please sign in to comment.