Workflow Examples

Slack Webhook Message on Specific Monitor

This workflow is triggered by issue with filter of alertname: Workload Pods Crashed Monitor . Which means only issues created by the monitor named "Workload Pods Crashed Monitor" will trigger the workflow, in this example we use a slack message action using labels from the issue.

workflow: 
  id: slack-alert-on-crashed-pods
  description: Send a slack message on Workload Pods Crashed Monitor 
  triggers:
    - type: alert
      filters:
        - key: alertname
          value: Workload Pods Crashed Monitor
  actions:
    - name: trigger-slack
      provider:
        type: slack
        config: '{{ providers.slack_webhook }}'
        with:
          message: "Pod Crashed - Pod: {{ alert.labels.pod_name }} Container: {{ alert.labels.container }} Exit Code: {{ alert.labels.exit_code }} Reason: {{ alert.labels.reason }}"

Send Only Firing Alerts

In some cases, you may want to avoid sending resolved alerts to your integrations—this prevents incidents from being automatically marked as “resolved” in tools like PagerDuty.

To achieve this, you can add a condition to your action that ensures only firing alerts are sent. Here’s an example of how to configure it in your workflow:

workflow:
  id: send-pagerduty-only-firing
  description: ""
  triggers:
  - type: alert
  name: send-pagerduty-only-firing
  actions:
  - if: '{{ alert.status }} == "firing"'
    name: pagerduty-action
    provider:
      config: "{{ provider.pager_duty_prod }}"
      type: pagerduty
      with:
        title: "{{ alert.alertname }}"

This configuration uses an if condition to check that the alert’s status is firing before executing the PagerDuty action - line 8.

Slack Webhook Message on Issue

workflow: 
  id: slack-webhook
  description: Send a slack message on alerts
  triggers:
    - type: alert
  actions:
    - name: trigger-slack
      provider:
        type: slack
        config: ' {{ providers.slack_webhook }} '
        with:
          blocks:
          - type: header
            text:
              type: plain_text
              text: ':rotating_light: {{ alert.labels.alertname }} :rotating_light:'
              emoji: true
          - type: divider
          - type: section
            fields:
            - type: mrkdwn
              text: |-
                *Cluster:*
                {{ alert.labels.cluster}}
            - type: mrkdwn
              text: |-
                *Namespace:*
                {{ alert.labels.namespace}}
            - type: mrkdwn
              text: |-
                *Workload:*
                {{ alert.labels.workload}}

Create Jira Ticket Using Webhook

See Jira Webhook Integration for setting up the integration

Replace in this workflow these by using your values: <issue_id>, <project_id>

Replace in this workflow <integration_name> based on your created integration name.

workflow:
  id: jira_ticket_creation
  description: Create a Jira Ticket
  triggers:
  - type: alert
  consts:
    description: keep.dictget( {{ alert.annotations }}, "_gc_description", '')
    title: keep.dictget( {{ alert.annotations }}, "_gc_issue_header", "{{ alert.alertname }}")
  name: jira_ticket_creation
  actions:
  - name: webhook
    provider:
      config: ' {{ providers.<integration_name> }} '
      type: webhook
      with:
        body:
          fields:
            description: '{{ consts.description }}'
            issuetype:
              id: <issue_id>
            project:
              id: <project_id>
            summary: '{{ consts.title }}'

Last updated 1 month ago

workflow: id: slack-alert-on-crashed-pods description: Send a slack message on Workload Pods Crashed Monitor triggers: - type: alert filters: - key: alertname value: Workload Pods Crashed Monitor actions: - name: trigger-slack provider: type: slack config: '{{ providers.slack_webhook }}' with: message: "Pod Crashed - Pod: {{ alert.labels.pod_name }} Container: {{ alert.labels.container }} Exit Code: {{ alert.labels.exit_code }} Reason: {{ alert.labels.reason }}"

workflow: id: send-pagerduty-only-firing description: "" triggers: - type: alert name: send-pagerduty-only-firing actions: - if: '{{ alert.status }} == "firing"' name: pagerduty-action provider: config: "{{ provider.pager_duty_prod }}" type: pagerduty with: title: "{{ alert.alertname }}"

workflow: id: slack-webhook description: Send a slack message on alerts triggers: - type: alert actions: - name: trigger-slack provider: type: slack config: ' {{ providers.slack_webhook }} ' with: blocks: - type: header text: type: plain_text text: ':rotating_light: {{ alert.labels.alertname }} :rotating_light:' emoji: true - type: divider - type: section fields: - type: mrkdwn text: |- *Cluster:* {{ alert.labels.cluster}} - type: mrkdwn text: |- *Namespace:* {{ alert.labels.namespace}} - type: mrkdwn text: |- *Workload:* {{ alert.labels.workload}}

workflow: id: jira_ticket_creation description: Create a Jira Ticket triggers: - type: alert consts: description: keep.dictget( {{ alert.annotations }}, "_gc_description", '') title: keep.dictget( {{ alert.annotations }}, "_gc_issue_header", "{{ alert.alertname }}") name: jira_ticket_creation actions: - name: webhook provider: config: ' {{ providers.<integration_name> }} ' type: webhook with: body: fields: description: '{{ consts.description }}' issuetype: id: <issue_id> project: id: <project_id> summary: '{{ consts.title }}'