sysdiglabs/sysdig-sdk-python

Provide Python module to silence alerts by id or regex keyword

rr-paras-patel opened this issue · 4 comments

We have 10 to 20 alerts per application type, and alert names keep changing.
We need a Python method which searches alerts by keyword and silences/flips the alert status.
The existing implementation, which silences by alert name, really doesn't make sense to use in the automation world. Nobody is willing to hardcode their CI/CD pipeline with an alert name.

@patelparas I think you are referring to the flip_alerts_enabled.py example.

If that's the case, note that examples are mainly meant to show capabilities more than targeting a specific use case (even though many examples could be used as-is).

What I'd recommend is customizing the Python script so that the alert list is filtered according to the logic that fits your use case, so that then alerts can be properly enabled/disabled. See https://github.com/draios/python-sdc-client/blob/90caf135df6b00dbc82820a51b343042a1284e16/examples/flip_alerts_enabled.py#L52.

Alternatively, the example could be changed to accept a parameter that defines whether the pattern should be used as full match or regular expression. The example would become a little more generic to fit your use case.

Would you be interested in submitting a PR for these changes? It'd be very appreciated :-)

@davideschiera I work with @patelparas and I have created a pull request in response to this issue; please review.

Thanks @anilgupt041991, I appreciate the help here!

I wonder if changes could be applied to the existing script instead of a new example (mainly to keep example codebase manageable ;-) ).

One idea that came to mind while reading this issue was:

  1. the script could accept other parameters in addition to -a/--alert: think about --alert-pattern or --alert-id
  2. I like the idea of accepting a list of values, although I'd probably accept more conventional separators such as , or ;
  3. The only additional change to handle the new parameter would be https://github.com/draios/python-sdc-client/blob/90caf135df6b00dbc82820a51b343042a1284e16/examples/flip_alerts_enabled.py#L52, where you could either check the name, or use the regex, or even the alert id

Does this make sense? Thanks!

@davideschiera yes, it works with the regex, alertname or alertid option.
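
Added example (not from the thread, the pull request, or the SDK's own examples): one way to implement the selection step discussed above, with exact name, regex pattern and alert id selectors and `,` or `;` separated lists. The alert dicts, the function names, the anchored-regex choice, the catch-all rejection and the `max_matches` limit are all assumptions made for illustration; the point is that a pipeline which silences alerts by pattern should refuse selectors that would mute far more than intended.

```python
import re

# Constructed sample alerts (id, name, enabled); not real Sysdig data.
SAMPLE_ALERTS = [
    {"id": 101, "name": "payments-api high CPU", "enabled": True},
    {"id": 102, "name": "payments-api 5xx rate", "enabled": True},
    {"id": 103, "name": "payments-api-canary 5xx rate", "enabled": True},
    {"id": 204, "name": "auth-service login failures", "enabled": True},
]

def split_values(raw):
    """Split a CLI value on ',' or ';'. A regex containing either cannot be passed this way."""
    return [v.strip() for v in re.split(r"[,;]", raw or "") if v.strip()]

def select_alerts(alerts, names="", patterns="", ids="", max_matches=10):
    """Pick alerts by exact name, anchored regex, or numeric id."""
    name_set = set(split_values(names))
    id_set = {int(v) for v in split_values(ids)}  # non-numeric id raises ValueError
    regexes = [re.compile(p) for p in split_values(patterns)]
    if not (name_set or id_set or regexes):
        raise ValueError("no selector given; refusing to select every alert")
    for rx in regexes:
        # A pattern that accepts the empty string (such as .*) is rejected as a catch-all.
        if rx.fullmatch(""):
            raise ValueError(f"pattern {rx.pattern!r} is a catch-all")
    selected = [
        a for a in alerts
        if a["name"] in name_set
        or a["id"] in id_set
        or any(rx.fullmatch(a["name"]) for rx in regexes)  # whole name must match
    ]
    if len(selected) > max_matches:
        raise ValueError(f"{len(selected)} alerts matched, limit is {max_matches}")
    return selected

def flip_enabled(alerts, dry_run=True):
    """Return (id, name, old, new) records; mutate only when dry_run is False."""
    changes = [(a["id"], a["name"], a["enabled"], not a["enabled"]) for a in alerts]
    if not dry_run:
        for a in alerts:
            a["enabled"] = not a["enabled"]
    return changes

if __name__ == "__main__":
    picked = select_alerts(SAMPLE_ALERTS, patterns=r"payments-api .*")
    for record in flip_enabled(picked):  # dry run: prints the audit records only
        print(record)
```

The records returned by `flip_enabled` can be logged by the pipeline before any change is sent, so every silenced alert is attributable to a specific run.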