search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.69k stars 8.24k forks source link

[ResponseOps] [Connectors] Add a template to the Block Kit in the Slack connector #198506

Open adcoelho opened 4 weeks ago

adcoelho commented 4 weeks ago

Summary

The Slack action supports Block Kit. However, its usability(and adoption) could be improved by adding a default template when the Block Kit option is selected. The current default is an empty field.

To view the Block Kit option the Slack connector needs to be configured as Web API. Documentation here.

https://github.com/user-attachments/assets/2d0c4552-d9ba-4b92-be27-fdd70fafaf46

Initial ER https://github.com/elastic/enhancements/issues/21431

elasticmachine commented 4 weeks ago

Pinging @elastic/response-ops (Team:ResponseOps)

simonhearne commented 4 weeks ago

Thanks for raising this issue. I have a few examples that I've created before, it would be great if there was a template option within Kibana enabling users to set default active / recovery messages.

Active

{
    "blocks": [
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "⚠️ {{rule.name}} ⚠️",
                "emoji": true
            }
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": """{{context.reason}}
View rule: <{{rule.url}}|{{rule.name}}>"""
            }
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "<{{context.alertDetailsUrl}}|View alert>"
            }
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "Alert UUID: `{{alert.uuid}}`"
            }
        }
    ]
}

Recovered

{
    "blocks": [
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "🎉 {{rule.name}} Recovered 🎉",
                "emoji": true
            }
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": """View rule: <{{rule.url}}|{{rule.name}}>"""
            }
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "<{{context.alertDetailsUrl}}|View alert>"
            }
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "Alert UUID: `{{alert.uuid}}`"
            }
        }
    ]
}

Stretch

As a stretch goal, for some rule types it would be great to include a graph of the relevant data. For example log threshold alert rules could include the graph of logs vs threshold similar to the alert rule preview. Image

pmuellr commented 4 weeks ago

Side note: I haven't played with Blockkit - I really should - but the verbosity in the example above was about what I was expecting - maybe that's why I haven't played with it. 😄

Given our serverless o11y rules we've been authoring, which don't yet use Blockkit (just the old school Mrkdwn formatted string), I can see these are going to get REALLY unwieldy.

So I opened this issue, to look at making the JSON body perhaps easier to read/write by humans: https://github.com/elastic/kibana/issues/198528