Webhooks - context filtered anomaly alerts

The filter logic is based on the same syntax as the JSON logic engine. A complete filter example is shown below in “Example 3 - a complete filter”.

Eyer provides context-based alert webhooks that can be configured with a quite powerful JSON logic engine. We recommend that you spend some time gathering the requirements and context for the alerting before you configure the webhooks.

You can write the JSON logic manually and set up the webhooks directly, or, if you have more advanced logic, you can choose to process your context and logic through an LLM as explained below:

 

 

Steps to create the alert filters with the template and an LLM

  1. Open an LLM of choice, attach the “LLM_FILTER_PROMPT_v3.md” and write “here are your instructions”. Let the LLM finish parsing the instructions, and then type “create a json logic complete ruleset based on the input below”. You can type in your instructions directly or use the attached template as described in sub-steps 1 and 2 below.

    1. Copy the template text from the PDF above into a text editor of choice, and populate it with the relevant information. Each main section (1, 2, 3, etc.) will be handled separately (with OR). Once complete, export as a PDF. You can differentiate between metrics (statTypes) and components (nodes). Add / remove sections as necessary.

    2. Open an LLM of choice, attach the PDF and provide it with the LLM_FILTER_PROMPT_v3.md plus the instruction “create a json logic complete ruleset based on input from the doc attached”. The output should be a JSON logic ruleset similar to example 3 below.

  2. Test the rule set

    1. Create a webhook and create an unfiltered subscription via the subscribe webhook API (see example 1)

    2. After some time you should have a few alerts, each created with a unique ID + sequence number ("eventId": "6937843152d46172f63c5b5f|00000220")

    3. Now you can test these alerts against your generated ruleset from step 2 in the test API, to verify that your filter is working (see example 2).

    4. Modify the alert filter / re-create the filter if necessary until you are happy with the result.

  3. Deploy the generated filter via the subscribe webhook API (example 1)

 

You can of course create the filters without an LLM, and test the rules as described in step 2 above.

 

Example 1 - body to create an unfiltered / filtered webhook subscription

{
  "name": "name_of_choice",
  "url": "https://your_webhook",
  "filter": { Your generated filter goes here. If unfiltered, this section should be empty }
}

 

Example 2 - test body for filter testing. Ensure you have the correct “eventId” populated.

{
  "filter": { your generated filter goes here },
  "eventId": "your event id|sequence number"
}

 

Example 3 - a complete filter

{
  "and": [
    {
      "!": {
        "some": [
          { "var": "event.changes" },
          { "in": ["test", { "val": "statTypeName" }] }
        ]
      }
    },
    {
      "and": [
        { "<=": [{ "var": "event.learningStatus" }, 1] },
        { ">=": [{ "var": "event.impact.rank" }, 2] },
        {
          "some": [
            { "var": "event.changes" },
            {
              "or": [
                { "in": ["Message Publishing Throttling State", { "val": "statTypeName" }] },
                { "in": ["Message Delivery Throttling State", { "val": "statTypeName" }] },
                { "in": ["Active Instance Count", { "val": "statTypeName" }] },
                { "in": ["Process Memory Usage", { "val": "statTypeName" }] },
                { "in": ["Suspended Messages", { "val": "statTypeName" }] }
              ]
            }
          ]
        },
        {
          "or": [
            { ">": [{ "var": "computed.impact.current" }, { "var": "computed.impact.max_24h" }] },
            { "===": [{ "var": "computed.impact.max_24h" }, null] }
          ]
        }
      ]
    }
  ]
}
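
To reason about a filter locally before submitting it to the test API in step 2, the sketch below evaluates the operators that Example 3 uses against constructed alerts. It is an added example, not Eyer's code or its engine: the alert field layout is assumed from the filter's own paths, the `evaluate`, `changed` and `alert` helpers are hypothetical, and the sample values are constructed.

```javascript
// Added example: evaluates only the JSON logic operators that Example 3 uses.
// Simplified stand-in for local dry runs, not Eyer's engine.
const get = (obj, keys) =>
  keys.reduce((o, k) => (o == null ? null : o[k]), obj) ?? null;

function evaluate(rule, data) {
  if (Array.isArray(rule)) return rule.map((r) => evaluate(r, data));
  if (rule === null || typeof rule !== "object") return rule; // literal value
  const [op, raw] = Object.entries(rule)[0];
  const args = Array.isArray(raw) ? raw : [raw];
  const ev = (i) => evaluate(args[i], data);
  switch (op) {
    case "var": return get(data, String(args[0]).split(".")); // dotted path
    case "val": return get(data, args); // key(s) in the current item
    case "and": return args.every((a) => Boolean(evaluate(a, data)));
    case "or": return args.some((a) => Boolean(evaluate(a, data)));
    case "!": return !ev(0);
    case "in": { // substring or array membership, case-sensitive in this sketch
      const hay = ev(1);
      return typeof hay?.includes === "function" && hay.includes(ev(0));
    }
    case "some": // the inner rule runs with each array item as its data
      return (ev(0) || []).some((item) => Boolean(evaluate(args[1], item)));
    case "<=": return ev(0) <= ev(1);
    case ">=": return ev(0) >= ev(1);
    case ">": return ev(0) > ev(1);
    case "===": return ev(0) === ev(1);
    default: throw new Error(`unsupported operator: ${op}`);
  }
}

// Example 3 with the nested "and" flattened and two statTypeName values kept.
const changed = (n) => ({ in: [n, { val: "statTypeName" }] });
const filter = { and: [
  { "!": { some: [{ var: "event.changes" }, changed("test")] } },
  { "<=": [{ var: "event.learningStatus" }, 1] },
  { ">=": [{ var: "event.impact.rank" }, 2] },
  { some: [{ var: "event.changes" },
    { or: [changed("Process Memory Usage"), changed("Suspended Messages")] }] },
  { or: [
    { ">": [{ var: "computed.impact.current" }, { var: "computed.impact.max_24h" }] },
    { "===": [{ var: "computed.impact.max_24h" }, null] }] },
] };

// Constructed alert; field layout is assumed from the filter's own paths.
const alert = (names, rank, current, max24h) => ({
  event: { learningStatus: 1, impact: { rank },
    changes: names.map((statTypeName) => ({ statTypeName })) },
  computed: { impact: { current, max_24h: max24h } },
});
```

In this sketch the `"test"` exclusion is a case-sensitive substring match, so a change named "Test Latency" would not be excluded; confirm how your real statTypeName values behave with the test API.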