Example: Prometheus AlertManager (Red Hat OpenShift) generic webhook event mappings
Review the following example mappings for a generic webhook connection between IBM Cloud Pak for Watson AIOps and Prometheus AlertManager (Red Hat OpenShift). Use these mappings to help you configure your own event mapping for a generic webhook connection.
- Example event (alert) JSON
- Example event mapping JSONata expression
- Example event result JSON
- Example Curl Command
Example event (alert) JSON
{
"receiver": "Default",
"status": "firing",
"alerts": [
{
"status": "firing",
"labels": {
"alertname": "PrometheusMissingRuleEvaluations",
"container": "kube-rbac-proxy",
"endpoint": "metrics",
"instance": "10.254.40.166:9092",
"job": "prometheus-k8s",
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"pod": "prometheus-k8s-1",
"prometheus": "openshift-monitoring/k8s",
"rule_group": "/etc/prometheus/rules/prometheus-k8s-rulefiles-0/openshift-kube-apiserver-kube-apiserver-slos-94dbc1dd-b771-4899-8c8f-54c0f5353e04.yaml;kube-apiserver.rules",
"service": "prometheus-k8s",
"severity": "warning"
},
"annotations": {
"description": "Prometheus openshift-monitoring/prometheus-k8s-1 has missed 1 rule group evaluations in the last 5m.",
"summary": "Prometheus is missing rule evaluations due to slow rule group evaluation."
},
"startsAt": "2023-06-01T17:02:53.691Z",
"endsAt": "0001-01-01T00:00:00Z",
"generatorURL": "https://prometheus-k8s-openshift-monitoring.apps.example.ibm.com/graph?g0.expr=increase%28prometheus_rule_group_iterations_missed_total%7Bjob%3D~%22prometheus-k8s%7Cprometheus-user-workload%22%7D%5B5m%5D%29+%3E+0&g0.tab=1",
"fingerprint": "24ad9e973e22bdce"
},
{
"status": "firing",
"labels": {
"alertname": "AlertmanagerReceiversNotConfigured",
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"prometheus": "openshift-monitoring/k8s",
"severity": "warning"
},
"annotations": {
"description": "Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.",
"summary": "Receivers (notification integrations) are not configured on Alertmanager"
},
"startsAt": "2023-04-26T19:27:36.642Z",
"endsAt": "0001-01-01T00:00:00Z",
"generatorURL": "https://prometheus-k8s-openshift-monitoring.apps.example.ibm.com/graph?g0.expr=cluster%3Aalertmanager_integrations%3Amax+%3D%3D+0&g0.tab=1",
"fingerprint": "72bc0ebbd3167d00"
}
],
"groupLabels": {
"namespace": "openshift-monitoring"
},
"commonLabels": {
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"prometheus": "openshift-monitoring/k8s",
"severity": "warning"
},
"commonAnnotations": {},
"externalURL": "https:///console-openshift-console.apps.example.ibm.com/monitoring",
"version": "4",
"groupKey": "{}:{namespace=\"openshift-monitoring\"}",
"truncatedAlerts": 0
}
Example event mapping JSONata expression
(
/* Set resource based on labels available */
$resource := function($labels){(
$name := $labels.name ? $labels.name
: $labels.statefulset ? $labels.statefulset
: $labels.deployment ? $labels.deployment
: $labels.daemonset ? $labels.daemonset
: $labels.pod ? $labels.pod
: $labels.container ? $labels.container
: $labels.instance ? $labels.instance
: $labels.app ? $labels.app
: $labels.job_name ? $labels.job_name
: $labels.job ? $labels.job
: $labels.type ? $labels.type: $labels.prometheus;
$labels.namespace ? ($name & '/' & $labels.namespace): $name;
)
};
/* Map to event schema */
alerts.(
{
"summary": annotations.summary ? annotations.summary: annotations.description ? annotations.description : annotations.message ? annotations.message,
"severity": $lowercase(labels.severity) = "critical" ? 6 : $lowercase(labels.severity) = "major" ? 5 : $lowercase(labels.severity) = "minor" ? 4 : $lowercase(labels.severity) = "warning" ? 3 : 1,
"resource": {
"name": $resource(labels)
},
"type": {
"eventType": $lowercase(status) = "firing" ? "problem": "resolution",
"classification": labels.alertname
},
"links": [
{
"url": generatorURL
}
],
"sender": {
"name": "Prometheus",
"type": "Webhook Connector"
},
"details": labels
}
)
)
Example event result JSON
The following example shows the JSON result that creates an array of events. The generic webhook connector creates a CloudEvent for each element in the array.
[
{
"occurrenceTime": "2023-06-07T14:49:53Z",
"summary": "Prometheus is missing rule evaluations due to slow rule group evaluation.",
"severity": 3,
"type": {
"eventType": "problem",
"classification": "PrometheusMissingRuleEvaluations",
"condition": null
},
"sender": {
"name": "Prometheus",
"type": "Webhook Connector"
},
"resource": {
"name": "prometheus-k8s-1/openshift-monitoring"
},
"links": [
{
"linkType": null,
"name": null,
"description": null,
"url": "https://prometheus-k8s-openshift-monitoring.apps.example.ibm.com/graph?g0.expr=increase%28prometheus_rule_group_iterations_missed_total%7Bjob%3D~%22prometheus-k8s%7Cprometheus-user-workload%22%7D%5B5m%5D%29+%3E+0&g0.tab=1"
}
],
"details": {
"alertname": "PrometheusMissingRuleEvaluations",
"container": "kube-rbac-proxy",
"endpoint": "metrics",
"instance": "10.254.40.166:9092",
"job": "prometheus-k8s",
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"pod": "prometheus-k8s-1",
"prometheus": "openshift-monitoring/k8s",
"rule_group": "/etc/prometheus/rules/prometheus-k8s-rulefiles-0/openshift-kube-apiserver-kube-apiserver-slos-94dbc1dd-b771-4899-8c8f-54c0f5353e04.yaml;kube-apiserver.rules",
"service": "prometheus-k8s",
"severity": "warning"
}
},
{
"occurrenceTime": "2023-06-07T14:49:53Z",
"summary": "Receivers (notification integrations) are not configured on Alertmanager",
"severity": 3,
"type": {
"eventType": "problem",
"classification": "AlertmanagerReceiversNotConfigured",
"condition": null
},
"sender": {
"name": "Prometheus",
"type": "Webhook Connector"
},
"resource": {
"name": "openshift-monitoring/k8s/openshift-monitoring"
},
"links": [
{
"linkType": null,
"name": null,
"description": null,
"url": "https://prometheus-k8s-openshift-monitoring.apps.example.ibm.com/graph?g0.expr=cluster%3Aalertmanager_integrations%3Amax+%3D%3D+0&g0.tab=1"
}
],
"details": {
"alertname": "AlertmanagerReceiversNotConfigured",
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"prometheus": "openshift-monitoring/k8s",
"severity": "warning"
}
}
]
Example Curl Command
# Webhook details
WEBHOOK_URL=https://webhook-connector-cc1c414f-f356-4ae8-bd61-a85e56d18cf4-aiops.apps.example.ibm.com/webhook-connector/asy2gjgcebu
AUTH=test:test
# Send payload
curl -X POST -u ${AUTH} --insecure -d '{
"receiver": "Default",
"status": "firing",
"alerts": [
{
"status": "firing",
"labels": {
"alertname": "PrometheusMissingRuleEvaluations",
"container": "kube-rbac-proxy",
"endpoint": "metrics",
"instance": "10.254.40.166:9092",
"job": "prometheus-k8s",
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"pod": "prometheus-k8s-1",
"prometheus": "openshift-monitoring/k8s",
"rule_group": "/etc/prometheus/rules/prometheus-k8s-rulefiles-0/openshift-kube-apiserver-kube-apiserver-slos-94dbc1dd-b771-4899-8c8f-54c0f5353e04.yaml;kube-apiserver.rules",
"service": "prometheus-k8s",
"severity": "warning"
},
"annotations": {
"description": "Prometheus openshift-monitoring/prometheus-k8s-1 has missed 1 rule group evaluations in the last 5m.",
"summary": "Prometheus is missing rule evaluations due to slow rule group evaluation."
},
"startsAt": "2023-06-01T17:02:53.691Z",
"endsAt": "0001-01-01T00:00:00Z",
"generatorURL": "https://prometheus-k8s-openshift-monitoring.apps.example.ibm.com/graph?g0.expr=increase%28prometheus_rule_group_iterations_missed_total%7Bjob%3D~%22prometheus-k8s%7Cprometheus-user-workload%22%7D%5B5m%5D%29+%3E+0&g0.tab=1",
"fingerprint": "24ad9e973e22bdce"
},
{
"status": "firing",
"labels": {
"alertname": "AlertmanagerReceiversNotConfigured",
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"prometheus": "openshift-monitoring/k8s",
"severity": "warning"
},
"annotations": {
"description": "Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.",
"summary": "Receivers (notification integrations) are not configured on Alertmanager"
},
"startsAt": "2023-04-26T19:27:36.642Z",
"endsAt": "0001-01-01T00:00:00Z",
"generatorURL": "https://prometheus-k8s-openshift-monitoring.apps.example.ibm.com/graph?g0.expr=cluster%3Aalertmanager_integrations%3Amax+%3D%3D+0&g0.tab=1",
"fingerprint": "72bc0ebbd3167d00"
}
],
"groupLabels": {
"namespace": "openshift-monitoring"
},
"commonLabels": {
"namespace": "openshift-monitoring",
"openshift_io_alert_source": "platform",
"prometheus": "openshift-monitoring/k8s",
"severity": "warning"
},
"commonAnnotations": {},
"externalURL": "https:///console-openshift-console.apps.example.ibm.com/monitoring",
"version": "4",
"groupKey": "{}:{namespace=\"openshift-monitoring\"}",
"truncatedAlerts": 0
}' -H 'Content-Type: application/json' ${WEBHOOK_URL}