Event Tagging

Event tagging can help you add relevant information to incoming incidents to make it more context-rich for the user

Event tagging can help you add relevant information to incoming incidents to make it more context-rich for the user.

Auto Tagging Events

For each service, you can define your rule for event tagging.

You can set this up by going to app.squadcast.com.

  • Go to the relevant service
  • Click on the options dropdown
  • Choose Tagging Rules

Change screenshot

  • Choose Alert Source from the Dropdown

By default, when a new rule is being created, a user is prompted to use the drop-down blocks for convenience in-order to create a tagging rule. As you build the expression from these drop-downs, simultaneously you can see the corresponding tagging expression raw string for the same, just to ensure that you are building the right rule.

The drop-down blocks are beginner friendly for sure, but they aren't as flexible as raw string method.
If you want more flexibility while building your expressions, you may opt anytime to switch to use the raw string mode by clicking the edit button as shown.

The method of specifying one rule is independent from others in the same service as well.
So, for the same service, you may have few rules in drop-down block mode, few in raw-string mode.

πŸ“˜

NOTE

  1. Once you opt for the raw-string method, you can't revert back to the drop-down blocks.

  2. The drop-down blocks don't support any function calls like addTag and addTags that we have. In-order to use them, you would have to opt for constructing the tagging expression from scratch yourself.

  3. The drop-down blocks only support logical AND operator between 2 expressions. If you want to have a logical OR operation between 2 expressions, then you would have to create a new tagging rule instead and have the copy over the same tags for the other rule.

Then, you can add the tag key value pairs. You can select a colour of your choice for a tag key value by clicking on the circular colour button at the start of the map row. You can add as many tags by clicking on the "Add new mapping" button.

You can also add as many rules and configure as many key value mappings for each of these rules.

πŸ“˜

UPDATE: Multiple Alert Source

We can see alert payloads of past events from different alert sources for the service by selecting the respective alert source from the dropdown in the right-half side.

Now you can have tagging rules for a service specific to an alert source by making use of the source field which lets you know the alert source that triggered the incoming event.

For example, if you want to have a tagging rule for a service, only for alerts coming for jira-plugin alert source, then the corresponding rule would look something like: source == 'jira-plugin' && (<your_tagging_rule>)

The tags will be visible against an incident in the incident dashboard and the incident details page.

Adding Tags directly from the payload

You can use the below expressions to add tags with key value pairs directly from the payload.

For the purpose of explaining this better, the below Payload is used as an example.

Add payload

Add a single tag

General Format:

addTag ( <tag key as string>, <payload selector or string>, [ <color> ])

  • tag key: The key of the Tag label. Only letters and numbers allowed. Anything else will be ignored.
  • payload selector or string: You can choose to set a tag value from the payload or you can set any custom string as the tag value.
  • color: You can set color as a valid HEX code. This is optional. If this parameter is omitted, the default colour - #0F61DD will be used.

For this example, we're using addTag( "severity", payload.labels.severity, "#037916") as the tag rule.
You will see that the tags are added automatically with the associated key value pair.

πŸ“˜

Note

The addTag function always returns a true value. So, this can be chained with other logical operators to set multiple tags from the payload.

Add multiple tags

General Format: addTags( <payload selector>)

  • payload selector: You can choose to set an object with key value pairs as tags from the payload.

For this example, we're using addTags( payload.labels) as the tag rule.

You will see every key value pair within labels added as a separate tag for the incident.

πŸ“˜

Note

  • The key of the Tag label, tag key can only contain letters (both lowercase and uppercase) and numbers. Anything else will be ignored.

  • The addTags function will add all the tags with the default colour only - #0F61DD

Isolating a Tagging Rule for a specific alert source

By default, any rule added for a service will be executed for all its active alert source integrations. You can choose to isolate Tagging Rules for specific alert sources based on the source field provided in the right JSON panel.

Example:
source == "api" && addTags(payload.labels)

This will ensure that this Tagging rule will only be active for incidents triggered via the APIv2 alert source for the service. This rule will not function for any other alert source.

πŸ“˜

Rule Evaluation Method

Every rule will be evaluated and all the tags of the matching rules will be attached to the incident.

Syntax for rules

The rule engine supports expressions with parameters, arithmetic, logical, and string operations.

  • Basic expression: 10 > 0, 1+2, 100/3
  • Parameterized expression: payload.metric == "disk"
    The available parameters are payload
    • payload : This parameter contains the JSON payload of an incident which will be the same as the JSON payload format for the future events for a particular alert source.
  • Regular expression: re(payload.metric, "disk.*")
    This can be used to check if a particular JSON payload field matches a regular expression.
  • Parsing JSON content: jsonPath(payload.message, "a.b.c")
    This can be used to parse JSON formatted strings and get the jsonPath from the resulting JSON object.
  • Adding multiple tags from the payload: addTag( "severity", payload.severity, "#037916")
  • Adding a tag from the payload: addTags(payload.labels)

Example

For a sample content shown in the right panel of the configuration space

{
  "payload": {
    "issue_description": "bug - 2",
    "issue_id": "10029",
    "issue_key": "HYD-30",
    "issue_labels": [],
    "issue_link": "http://13.233.254.18:8080/browse/HYD/issues/HYD-30",
    "issue_priority": "Medium",
    "issue_summary": "bug - 2",
    "issue_type": "Bug",
    "project_id": "10000",
    "project_key": "HYD",
    "project_name": "hydra"
  },
  "source": "jira-plugin"
}

Use Case: Setting Severity as a Tag

Assuming a case where disk usage events need to be prioritised:

When the disk usage is greater than 90% - critical and state tag is alerting
When the disk usage is between 60 - 90% - high
When the disk usage is less than 60% - low

Create 3 rules with the following configuration

Rules

Critical: payload.value > 90 && jsonPath(payload.tags, "state") == "alerting"
High: payload.value > 60 && payload.value < 90
Low: payload.value < 60

Manual Tagging

Adding Tags to a Manually Triggered Incident

When you create an incident manually via the + button, by default, you will have the option to add Tags to an incident. You can do so by assigning the tag name and tag value in the text fields provided and you can also change the tag color by clicking on the blue circle. You can also add multiple tags by clicking on the Add Tag option provided on the screen.

Updating Tags to an Existing Incident

You can choose to update tags for an existing incidents as well.

In order to do this, go to the Incident details page and click on the More Icon (three dots) against the Incident Message space of the page and click on Update Tags.

You can then assign the tag name and tag value in the text fields provided and you can also change the tag color by clicking on the color circle. You can also add multiple tags by clicking on the Add Tag option provided on the screen.

The updated tags will now reflect on the Incident Details page.

Add a Tag From Incident JSON

This section will give you an understanding of how you can add tags to an incidents straight from the Incident JSON using our API.

Typical Incident JSON:

{
   "message":"This will be the incident message",
   "description": "This will be the incident description"
   "tags": {
     "tagname1":"Tag value#1"
     "tagname2":"Tag value#2"
     "tagname3": {
       "color": "Valid HTML HEX Colour Notation goes here"
       "value":"Tag value#3"
   }
}

Example Tagging Rules

Using Tags to Set Severity:

{
        "message": "Error rates higher than usual",
    "description": "HTTP Error rates for srv_90 is above 90 counts/hour",
    "tags": {
        "severity": "high"
    }
}

πŸ“˜

Note:

If a colour code isn't explicitly mentioned, then the system takes the default colour "#808080" for the tag

Assigning Colours to Tags:

{
    "message": "Error rates higher than usual",
  "description": "HTTP Error rates for srv_90 is above 90 counts/hour",
    "severity": {
    "colour": "#FF0000",
    "value":"backend"
  }
}

Different ways of tagging incident:

{
    "message": "Error rates higher than usual",
  "description": "HTTP Error rates for srv_90 is above 90 counts/hour",
    "tags" : {
    "severity": "high",
      "impact_level": 5,
    "classification": {
        "color":"#FF0000",
        "value":"backend"
     }
    }
 }

How-to-Video: Update Tags Manually

Updated 17 days ago


Event Tagging


Event tagging can help you add relevant information to incoming incidents to make it more context-rich for the user

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.