使用 EventBridge 摄取 APM 警报的有效载荷要求
事件检测及响应服务从哪里摄取 APM 警报?
AWS 事件检测及响应服务会将托管式规则安装在事件总线上,而您会将转换后的最终有效载荷发送到该事件总线上。最好是为此目的创建自定义事件总线。
有效载荷必须采用什么格式?
AWS 事件检测及响应服务摄取的事件总线事件中需要以下最小的 JSON 键值对:
{ "detail-type": "ams.monitoring/generic-apm", "source": "GenericAPMEvent" "detail": { "incident-detection-response-identifier": "Your alarm name from your APM", } }
以下示例显示了来自合作伙伴事件总线的事件在转换前后的情况。
转换前:
{ "version": "0", "id": "a6150a80-601d-be41-1a1f-2c5527a99199", "detail-type": "Datadog Alert Notification", "source": "aws.partner/datadog.com/Datadog-aaa111bbbc", "account": "123456789012", "time": "2023-10-25T14:42:25Z", "region": "us-east-1", "resources": [], "detail": { "alert_type": "error", "event_type": "query_alert_monitor", "meta": { "monitor": { "id": 222222, "org_id": 3333333333, "type": "query alert", "name": "UnHealthyHostCount", "message": "@awseventbridge-Datadog-aaa111bbbc", "query": "max(last_5m):avg:aws.applicationelb.un_healthy_host_count{aws_account:123456789012} <= 1", "created_at": 1686884769000, "modified": 1698244915000, "options": { "thresholds": { "critical": 1.0 } }, }, "result": { "result_id": 7281010972796602670, "result_ts": 1698244878, "evaluation_ts": 1698244868, "scheduled_ts": 1698244938, "metadata": { "monitor_id": 222222, "metric": "aws.applicationelb.un_healthy_host_count" } }, "transition": { "trans_name": "Triggered", "trans_type": "alert" }, "states": { "source_state": "OK", "dest_state": "Alert" }, "duration": 0 }, "priority": "normal", "source_type_name": "Monitor Alert", "tags": [ "aws_account:123456789012", "monitor" ] } }
请注意,在转换事件之前,detail-type 和 source 指明警报源自的 APM 详细信息。必须在摄取之前对其进行修改。incident-detection-response-identifier 键尚不存在,也必须在摄取前添加。
Lambda 函数转换上述事件并将其放入目标自定义或默认事件总线中。转换后的有效载荷必须包含所需的键值对。
转换后:
{ "version": "0", "id": "7f5e0fc1-e917-2b5d-a299-50f4735f1283", "detail-type": "ams.monitoring/generic-apm", "source": "GenericAPMEvent", "account": "123456789012", "time": "2023-10-25T14:42:25Z", "region": "us-east-1", "resources": [], "detail": { "incident-detection-response-identifier": "UnHealthyHostCount", "alert_type": "error", "event_type": "query_alert_monitor", "meta": { "monitor": { "id": 222222, "org_id": 3333333333, "type": "query alert", "name": "UnHealthyHostCount", "message": "@awseventbridge-Datadog-aaa111bbbc", "query": "max(last_5m):avg:aws.applicationelb.un_healthy_host_count{aws_account:123456789012} <= 1", "created_at": 1686884769000, "modified": 1698244915000, "options": { "thresholds": { "critical": 1.0 } }, }, "result": { "result_id": 7281010972796602670, "result_ts": 1698244878, "evaluation_ts": 1698244868, "scheduled_ts": 1698244938, "metadata": { "monitor_id": 222222, "metric": "aws.applicationelb.un_healthy_host_count" } }, "transition": { "trans_name": "Triggered", "trans_type": "alert" }, "states": { "source_state": "OK", "dest_state": "Alert" }, "duration": 0 }, "priority": "normal", "source_type_name": "Monitor Alert", "tags": [ "aws_account:123456789012", "monitor" ] } }
请注意,detail-type 现在是 ams.monitoring/generic-apm,源现在是 GenericAPMEvent,在详细信息下有新的键值对:incident-detection-response-identifier。
incident-detection-response-identifier 值是根据您的 APM 发送的有效载荷从警报名称中提取的。APM 警报名称路径因 APM 而异。必须设置 Lambda 函数,以便从 Lambda 收到的 APM JSON 有效载荷中的正确路径获取警报名称,并将其用于 incident-detection-response-identifier 值。
对于发送到 AWS 事件检测及响应服务的每种警报类型,incident-detection-response-identifier 值必须是唯一的。incident-detection-response-identifier 上设置的每个唯一名称必须在加入期间提供给 AWS 事件检测及响应服务团队。不处理其 incident-detection-response-identifier 键的值未知或缺失的事件。
