Create an alert using API

[zeroware]

Hello, I really like the project so far. I was wondering if It's possible to create an alert using the API. I already have custom app that can call a webhook when an alert is triggered. I'd like to add them into 411.

Edit : TLDR : Can I push an alert to 411 rather than pulling it from ES or Graphite ?

[kiwiz]

Not easily. Every alert is currently tied to a search in 411. If you generate alerts that don't have an associated search, they WILL show up, but some metadata will be missing (because they're pulled from the search):

• Name
• Priority
• Notification target
• Category
• Tags

I've been considering how to do this nicely, but I don't have any great ideas atm.

[zeroware]

Thanks for your answer. I think being able to push alerts is going to be needed if we want to have centralized alerts inside 411. To keep 411 based on "search" we could have something like this :

1. Create a new search type (called push ?)
2. Configure the search with a name , tags etc
3. Upon configuration 411 will display a webhook URL for this search (example : example.org/webhook/push/search-name?key=unique-key)
4. Executing a HTTP POST with params format to be defined (I like the alert format of alerta : http://docs.alerta.io/en/latest/api/alert.html) on this URL will generate an alert.

[kiwiz]

Oh, that sounds reasonable. I'll have a go at implementing this later this week.

[kiwiz]

I'm debating whether I should denormalize search information into each alert. It would be the cleanest way to support pushing alerts into 411. The downside is that denormalization means things will fall out of sync. @Kennysan any thoughts?

[Kennysan]

TBH that's a pretty big change to be able to support "pushing" alerts and requires having ways to update alert information fairly regularly or at least ensure the data doesn't get stale.

[zeroware]

@Kennysan Haven't thought about updating alerts. For me alerts are immutable. You need to get a trace of everything that has happened.

I can always add my custom alerts has ES documents and then create a search for them inside 411… But it's kinda hacky..

[kiwiz]

I think denormalizing alert data is reasonable as long as it's mentioned in the docs. Work on that is happening in this branch: https://github.com/etsy/411/tree/heavy_alerts. No promises yet on when that will be usable.

[kiwiz]

@zeroware I opted for a simpler implementation (what you initially proposed) as it's backwards compatible. I'll likely have something ready for testing later this week.

[zeroware]

@kiwiz Nice ! Is there a branch where I can follow this feature ?

[kiwiz]

Yup, https://github.com/etsy/411/tree/push

[zeroware]

Ok will try the branch asap.

[kiwiz]

Branch is ready for testing. Steps:

• Pull the code
• Run bin/migration.php to update the db
• Configure a new Push Search
• Grab your api key from your user page (https://HOST/user/USER_ID)
• Submit a test request. Example: curl -v -X POST -H 'X-API-KEY: KEY_GOES_HERE' 'https://HOST/api/alert/push?search_id=20' -d '[{"alert_date":123, "content":{"a":"b"}}]'

[kiwiz]

Merged into master.