Creating Findings¶
Motivation¶
Playbooks should use the Findings API to display output. They should not send output directly to Slack or other destinations.
By using the Findings API, your playbook will support Slack, MSTeams, and other sinks.
Basic Usage¶
Playbooks can call event.add_enrichment to add to the playbook's output. For example:
@action
def test_playbook(event: ExecutionBaseEvent):
event.add_enrichment(
[
MarkdownBlock(
"This is a *markdown* message. Here are some movie characters:"
),
TableBlock(
[["Han Solo", "Star Wars"], ["Paul Atreides", "Dune"]],
["name", "movie"],
),
]
)
When playbooks finish running, their output is sent to the configured sinks. Here is output for the above example:
Core Concepts¶
The Findings API has four important concepts:
- Finding
An event, like a Prometheus alert or a deployment update.
- Enrichment
Details about a Finding, like the labels for a Prometheus alert or a deployment's YAML before and after the update.
- Block
A visual element, like a paragraph, an image, or a table.
- Sink
A destination Findings are sent to, like Slack, MSTeams, Kafka topics
Here is an example showing the above concepts:
![digraph {
compound=true;
rankdir=TB
fixedsize=true;
node [ fontname="Handlee"
fixedsize=true
width=2
height=1
];
subgraph cluster_finding {
label=<Finding<BR /><BR /><I><FONT POINT-SIZE="9">HighCPU Alert</FONT></I>>;
subgraph cluster_enrichment1 {
label=<Enrichment<BR /><BR /><I><FONT POINT-SIZE="9">Prometheus Labels</FONT></I>>;
block1 [
label = <TableBlock<BR /><BR /><I><FONT POINT-SIZE="9">pod=my-pod<BR />namespace=default</FONT></I>>;
]
}
subgraph cluster_enrichment2 {
label=<Enrichment<BR /><BR /><I><FONT POINT-SIZE="9">CPU Profile Result</FONT></I>>;
rank=same;
block2 [
label = <MarkdownBlock<BR /><BR /><I><FONT POINT-SIZE="9">Explanation</FONT></I>>;
]
block3 [
label = <FileBlock<BR /><BR /><I><FONT POINT-SIZE="9">Profiler Result</FONT></I>>;
]
}
}
slack_sink [
label = <Slack Sink>;
]
msteams_sink [
label = <MSTeams Sink>;
]
more_sinks [
label = <...>;
]
block2 -> slack_sink, more_sinks, msteams_sink [ltail=cluster_finding minlen=2];
}](../../../_images/graphviz-a660f7563cd20056295f96ac401d12d2255a5cb5.png)
Advanced Usage¶
It is possible to customize a findings name, override the default finding for events, and more.
But we haven't documented it yet. Please consult the source code.
- class Finding(title, aggregation_key, severity=FindingSeverity.INFO, source=FindingSource.NONE, description=None, subject=<robusta.core.reporting.base.FindingSubject object>, finding_type=FindingType.ISSUE, failure=True, creation_date=None, fingerprint=None, starts_at=None, ends_at=None, add_silence_url=False, silence_labels=None)[source]¶
A Finding represents an event that should be sent to sinks.
- property attribute_map : dict[str, str | dict[str, str]]¶
Block Types¶
Every Block represents a different type of visual data. Here are the possible Blocks:
|
A Block of Markdown |
|
A file of any type. |
|
A visual separator between other blocks |
|
Text formatted as a header |
|
A list of items, nicely formatted |
|
Table display of a list of lists. |
|
A nicely formatted Kubernetes objects, with a subset of the fields shown |
|
A diff between two versions of a Kubernetes object |
|
Json data |
|
A set of buttons that allows callbacks from the sink - for example, a button in Slack that will trigger another action when clicked |
Note
Not all block types are supported by all sinks. If an unsupported block arrives at a sink, it will be ignored
Reference¶
-
class MarkdownBlock(text, dedent=
False)[source]¶ A Block of Markdown
- Parameters:¶
A simple example:
MarkdownBlock("Hi, *I'm bold* and _I'm italic_")Things can get hairy when using writing content across multiple lines:
MarkdownBlock( "# This is a header \n\n" "And this is a paragraph. " "Same paragraph. A new string on each line prevents Python from adding newlines." ),For convenience, use
strip_whitespace=Trueand multiline strings:MarkdownBlock(""" Due to strip_whitespace=True this is all one paragraph despite indentation and newlines. """, strip_whitespace=True)
- class FileBlock(filename, contents, **kwargs)[source]¶
A file of any type. Used for images, log files, binary files, and more.
Examples:
FileBlock("test.txt", "this is the file's contents")
- class DividerBlock(**data)[source]¶
A visual separator between other blocks
Create a new model by parsing and validating input data from keyword arguments.
Raises ValidationError if the input data cannot be parsed to form a valid model.
-
class TableBlock(rows, headers=
(), column_renderers={}, table_name='', column_width=None, metadata={}, table_format=None, **kwargs)[source]¶ Table display of a list of lists.
Note: Wider tables appears as a file attachment on Slack, because they aren't rendered properly inline
-
class KubernetesFieldsBlock(k8s_obj, fields, explanations=
{})[source]¶ A nicely formatted Kubernetes objects, with a subset of the fields shown
-
class KubernetesDiffBlock(interesting_diffs, old, new, name, kind, namespace=
None)[source]¶ A diff between two versions of a Kubernetes object