aantn
commented
2 years ago Hi, thank you for reporting. We should definitely fix this.
In the PagerDuty sink we're using Finding.fingerprint which is a hash on the alert name and its labels. I also opened a PR (#528) to fix this for Findings other than AlertManager alerts.
Do you have any interest in attempting to fix this yourself and opening a PR?
You can see the code we use in OpsGenie here:
We also have instructions on setting up your own development environment here:
https://docs.robusta.dev/master/developer-guide/platform/index.html
If you're not interested in working on this yourself, we'll still fix it! But the contribution would be warmly appreciated.
prestonr83
Describe the bug The
aliasin opsgenie is used for deduplication and for reference for closure. However the sink is configured to just send thefinding.title. https://github.com/robusta-dev/robusta/blob/5a6c73ddd3c0933df4258eef9c976a939051bb50/src/robusta/core/sinks/opsgenie/opsgenie_sink.py#L44This causes 2 problems
To Reproduce For example the following alert was fired from 2 different clusters however because the Alias for both alerts is simply 'Prometheus is failing rule evaluations.' It deduplicates the alert as you can see denoted by the x2 under P1 and in the log as well
Because again which you can see if the following example
finding.titleis used when a resolved notice is sent the value offinding.titleis [RESOLVED]So instead of closing the original alert it creates a new alert.
Expected behavior Alerts created from different clusters create Opsgenie alerts for each alert sent Alerts that are resolved are closed in Opsgenie.
The possible fix for both of these issues would be to set the alias to
clustername-alertnameand make sure that same alias is fired for resolved to an additional function that uses the close api call https://docs.opsgenie.com/docs/python-sdk-alert#close-alerts