Merge pull request #296 from guilhemmarchand/testing

Version 1.2.39

docs/configuration.rst

@@ -406,8 +406,13 @@ However, because TrackMe relies on KVstore based lookups, it is very straightfor
 
 Such a report would be scheduled to run daily or so, and would automatically maintain the priority definition based on an external integration.
 
-Step 7: enabling out of the box alerts
-======================================
+Step 7: enabling out of the box alerts or create your own custom alerts
+=======================================================================
+
+**Since TrackMe 1.2.39, a dedicated screen allows to manage alerts within TrackMe, and create your own alert in assisted mode:**
+
+Using out of the box alerts
+---------------------------
 
 **TrackMe provides out of the box alerts that can be used to deliver alerting when a monitored component reaches a red state:**
 
@@ -417,10 +422,7 @@ Step 7: enabling out of the box alerts
 
 - TrackMe - Alert on metric host availability
 
-**To see these alerts, go in:**
-
-- Nav menu ``Search / Alerts``
-- Or Splunk ``Settings / Searches, report and alerts``
+**In TrackMe main screen, go to the tracking alerts tab:**
 
 .. image:: img/ootb_alerts.png
    :alt: ootb_alerts.png
@@ -431,9 +433,33 @@ Step 7: enabling out of the box alerts
 
    - Out of the box alerts are disabled by default, you need to enable alerts to start using them
    - Alerts will trigger by default on ``high priority`` entities only, this is controlled via the macro definition ``trackme_alerts_priority``
-   - If you need additional levels of granularity in the alerting, for example to alert for medium priority with a different less critical workflow, clone these alerts and create your own versions
    - Edit the alert to perform your third party integration, for example ``sending emails`` or creating ``JIRA issues`` based on Splunk alert actions capabilities
 
+Creating custom alerts in assisted mode
+---------------------------------------
+
+**You can use this interface to a create one or more custom alerts:**
+
+.. image:: img/cutom_alerts/img001.png
+   :alt: img001.png
+   :align: center
+   :width: 1200px
+
+**This opens the assistant where you can choose between different builtin options depending on the type of entities to be monitoring:**
+
+.. image:: img/cutom_alerts/img002.png
+   :alt: img002.png
+   :align: center
+   :width: 800px
+
+Once you have created a new alert, it will be immediately visible in the tracking alerts UI, and you can use the Splunk built alert editor to modify the alert to up to your needs such as enabling third party actions, emails actions and so forth.
+
+   .. hint:: Custom alert features
+
+      - Creating custom alerts provide several layers of flexibility depending on your choices and preferences
+      - You may for example have alerts handling lowest level of prority with a specific type of alert action, and have a specific alert for highly critical entities
+      - Advanced setup can easily be performed such as getting benefits from the tags features and multiple alerts using tag policies to associate data sources and different types of alerts, recipients, actions...
+
 Final: Read the docs and start using TrackMe
 ============================================
 

docs/releasenotes.rst

@@ -1,6 +1,26 @@
 Release notes
 #############
 
+Version 1.2.39
+==============
+
+**CAUTION:**
+
+This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
+
+- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
+- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
+- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
+
+TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
+https://trackme.readthedocs.io/en/latest/configuration.html
+
+- Feature - Issue #292 - Alerts - New screen for alerts management in TrackMe, review, edit and add alerts within the UI
+- Enhancement - Issue #295 - Long term trackers performance - Major reduction of the long term trackers runtime by better taking into account the existing short term entities knowledge
+- Enhancement - Issue #290 - Alerts - OOTB alert TrackMe - Alert on data source availability should suppress on data_name only
+- Fix - Issue #291 - REST endpoint - the endpoint mh_update_priority does not preserve the monitored_state
+- Fix - Issue #294 - Data hosts - Long term tracker filter error causes the long term to miss entities indexing lately
+
 Version 1.2.38
 ==============
 

docs/userguide.rst

@@ -34,6 +34,7 @@ Main navigation tabs
 - ``METRIC HOSTS TRACKING`` shows metrics discovered for each ``host sending metrics`` to Splunk
 - ``INVESTIGATE STATUS FLIPPING`` shows the detection of an entity switching from a state, example green, to another state like red
 - ``INVESITAGE AUDIT CHANGES`` shows all changes performed within the UI for auditing and review purposes
+- ``TRACKING ALERTS`` shows alerts activity, allows managing and creating new custom alerts adapated to TrackMe context
 
 Data Sources tracking and features
 ----------------------------------
@@ -2974,9 +2975,13 @@ Out of the box alerts
 - ``TrackMe - Alert on data host availability``
 - ``TrackMe - Alert on metric host availability``
 
-.. warning:: These alerts are disabled by default, and need to be manually enabled if you wish to use them in your global alerting workflow.
+.. hint:: enabling out of the box alerts and custom alerts creation
 
-Built-in alerts are Splunk alerts which can be extended to be integrated in many powerful ways, such as your ticketing system (Service Now, JIRA...) or even mobile notifications with Splunk Cloud Gateway.
+   - Depending on your preferences, you may simply enable one or more out of the box alerts
+   - You can as well easily create custom alerts that are more specific to your context, with various options depending on the types of entities
+   - Once an alert is enabled, use the Splunk editor if you wish to enable third party alert actions such as creating tickets in your incident management. sending emails, etc.
+
+For more details, see :ref:`Step 7: enabling out of the box alerts or create your own custom alerts`
 
 Alerts acknowledgment
 =====================

trackme/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "trackme",
-      "version": "1.2.38"
+      "version": "1.2.39"
     },
     "author": [
       {

trackme/bin/trackme_rest_handler_metric_hosts.py

@@ -809,7 +809,7 @@ def post_mh_update_priority(self, request_info, **kwargs):
                     "metric_first_time_seen": record[0].get('metric_first_time_seen'), 
                     "metric_last_time_seen": record[0].get('metric_last_time_seen'),
                     "metric_max_lag_allowed": record[0].get('metric_max_lag_allowed'),
-                    "metric_monitored_state": record[0].get('metric_max_lag_allowed'),
+                    "metric_monitored_state": record[0].get('metric_monitored_state'),
                     "metric_monitoring_wdays": record[0].get('metric_monitoring_wdays'),
                     "metric_override_lagging_class": record[0].get('metric_override_lagging_class'),
                     "metric_host_state": record[0].get('metric_host_state'),

trackme/default/app.conf

@@ -16,4 +16,4 @@ label = TrackMe
 [launcher]
 author = Guilhem Marchand
 description = Data tracking system for Splunk
-version = 1.2.38
+version = 1.2.39