Merge github.com:Yelp/elastalert into fix_497

Author: Qmando

docs/source/ruletypes.rst

@@ -1648,6 +1648,15 @@ Optional:
 
 ``opsgenie_priority``: Set the OpsGenie priority level. Possible values are P1, P2, P3, P4, P5.
 
+``opsgenie_details``: Map of custom key/value pairs to include in the alert's details. The value can sourced from either fields in the first match, environment variables, or a constant value.
+
+Example usage::
+
+    opsgenie_details:
+      Author: 'Bob Smith'          # constant value
+      Environment: '$VAR'          # environment variable
+      Message: { field: message }  # field in the first match
+
 SNS
 ~~~
 
@@ -1781,6 +1790,12 @@ Provide absolute address of the pciture, for example: http://some.address.com/im
 
 ``slack_timeout``: You can specify a timeout value, in seconds, for making communicating with Slac. The default is 10. If a timeout occurs, the alert will be retried next time elastalert cycles.
 
+``slack_attach_kibana_discover_url``: Enables the attachment of the ``kibana_discover_url`` to the slack notification. The config ``generate_kibana_discover_url`` must also be ``True`` in order to generate the url. Defaults to ``False``.
+
+``slack_kibana_discover_color``: The color of the Kibana Discover url attachment. Defaults to ``#ec4b98``.
+
+``slack_kibana_discover_title``: The title of the Kibana Discover url attachment. Defaults to ``Discover in Kibana``.
+
 Mattermost
 ~~~~~~~~~~
 

elastalert/alerts.py

@@ -1129,6 +1129,9 @@ def __init__(self, rule):
         self.slack_ignore_ssl_errors = self.rule.get('slack_ignore_ssl_errors', False)
         self.slack_timeout = self.rule.get('slack_timeout', 10)
         self.slack_ca_certs = self.rule.get('slack_ca_certs')
+        self.slack_attach_kibana_discover_url = self.rule.get('slack_attach_kibana_discover_url', False)
+        self.slack_kibana_discover_color = self.rule.get('slack_kibana_discover_color', '#ec4b98')
+        self.slack_kibana_discover_title = self.rule.get('slack_kibana_discover_title', 'Discover in Kibana')
 
     def format_body(self, body):
         # https://api.slack.com/docs/formatting
@@ -1191,6 +1194,15 @@ def alert(self, matches):
         if self.slack_title_link != '':
             payload['attachments'][0]['title_link'] = self.slack_title_link
 
+        if self.slack_attach_kibana_discover_url:
+            kibana_discover_url = lookup_es_key(matches[0], 'kibana_discover_url')
+            if kibana_discover_url:
+                payload['attachments'].append({
+                    'color': self.slack_kibana_discover_color,
+                    'title': self.slack_kibana_discover_title,
+                    'title_link': kibana_discover_url
+                })
+
         for url in self.slack_webhook_url:
             for channel_override in self.slack_channel_override:
                 try:

elastalert/opsgenie.py

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 import json
 import logging
-
+import os.path
 import requests
 
 from .alerts import Alerter
@@ -33,6 +33,7 @@ def __init__(self, *args):
         self.alias = self.rule.get('opsgenie_alias')
         self.opsgenie_proxy = self.rule.get('opsgenie_proxy', None)
         self.priority = self.rule.get('opsgenie_priority')
+        self.opsgenie_details = self.rule.get('opsgenie_details', {})
 
     def _parse_responders(self, responders, responder_args, matches, default_responders):
         if responder_args:
@@ -97,6 +98,10 @@ def alert(self, matches):
         if self.alias is not None:
             post['alias'] = self.alias.format(**matches[0])
 
+        details = self.get_details(matches)
+        if details:
+            post['details'] = details
+
         logging.debug(json.dumps(post))
 
         headers = {
@@ -162,3 +167,19 @@ def get_info(self):
         if self.teams:
             ret['teams'] = self.teams
         return ret
+
+    def get_details(self, matches):
+        details = {}
+
+        for key, value in self.opsgenie_details.items():
+
+            if type(value) is dict:
+                if 'field' in value:
+                    field_value = lookup_es_key(matches[0], value['field'])
+                    if field_value is not None:
+                        details[key] = str(field_value)
+
+            elif type(value) is str:
+                details[key] = os.path.expandvars(value)
+
+        return details

elastalert/schema.yaml

@@ -286,6 +286,9 @@ properties:
   slack_text_string: {type: string}
   slack_ignore_ssl_errors: {type: boolean}
   slack_ca_certs: {type: string}
+  slack_attach_kibana_discover_url {type: boolean}
+  slack_kibana_discover_color {type: string}
+  slack_kibana_discover_title {type: string}
 
   ### Mattermost
   mattermost_webhook_url: *arrayOfString
@@ -298,6 +301,20 @@ properties:
   mattermost_msg_pretext: {type: string}
   mattermost_msg_fields: *mattermostField
 
+  ## Opsgenie
+  opsgenie_details:
+    type: object
+    minProperties: 1
+    patternProperties:
+      "^.+$":
+        oneOf:
+          - type: string
+          - type: object
+            additionalProperties: false
+            required: [field]
+            properties:
+              field: {type: string, minLength: 1}
+
   ### PagerDuty
   pagerduty_service_key: {type: string}
   pagerduty_client_name: {type: string}