Versions Supported: Enterprise
VictorOps Version Required: N/A SaaS
A transformation is a way to change alert data before it arrives at your VictorOps timeline. Typing the name of an existing field into the Transform’s ‘alert field’ box allows you to overwrite that field with a new value of your choosing.
Transformation actions can also add entirely new fields to an alert. This can be accomplished by simply typing the desired name of the field into the alert field section and assigning a value.
Changing the routing key
Change the routing key of a particular set of alerts that need to create incidents for a different team. For example, assume you set up an integration that sends all alerts to your Database team, but you want a particular subset of incidents related to a specific host (db03) to go to the Development team (routing_key = devs).
Adding a new alert field
Add a new, unique field to an alert by typing a new field name into the alert field box; this will automatically create the new field. The value of the new field can be set to anything you want.
Muting Noisy Alerts
Some alerts coming into the timeline can be distracting and cause unnecessary paging. By transforming the message_type field to INFO, these noisy alerts can be muted.
Change the Appearance of Incidents and Notifications
The transformation below changes the display name (the entity_display_name field) to show more details in the notification message. The screenshot below shows how, using variable expansion and transformations, the display name is transformed to also reflect the monitoring tool and host name of the incident.
Combining Multiple Different Alerts Into One Single Incident
To combine multiple different alerts into one single incident, first find a matching value that associates the multiple different incidents. Then, transform the entity_id field to a set value. Because the entity_id is pre-determined, VictorOps will automatically aggregate the alerts.
Transform/Create fields from an email body with RegEx
Email bodies are ingested into the state_message field. Since there can be large amounts of data in this field, RegEx becomes especially helpful. In this example, we have an automated email sending us information we want to extract via RegEx capture groups.
Using this rule we can extract strings following the words “hostname: ”, “service: ”, and “message: ” that are ingested in the state_message field. Using the RegEx capture groups (contained in parentheses) we can add new alert fields or transform existing ones.
When applied to this email
The resulting payload of the alert is transformed to be
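An offline sketch of the capture-group extraction described above, useful for checking a pattern against a sample body before putting it into a rule. It is an added example, not VictorOps rule syntax or code from this article. The email body, the regular expressions, the target field names (host_name, service, alert_text), the length cap and the all-or-nothing behaviour are assumptions of the sketch.

```python
import re

# Constructed sample: an automated email body as it would land in state_message.
SAMPLE_ALERT = {
    "message_type": "CRITICAL",
    "state_message": (
        "Automated report\r\n"
        "hostname: db03\r\n"
        "service: mysql replication\r\n"
        "message: replica lag above 300s\r\n"
        "-- \r\nsent by monitor"
    ),
}

# Hypothetical target field -> assumed pattern. Each pattern is anchored to the
# start of a line and captures only to the end of that line, so a label quoted
# elsewhere in the body or a long trailer cannot leak into a field.
PATTERNS = {
    "host_name": re.compile(r"^hostname: ([^\r\n]+)", re.MULTILINE),
    "service": re.compile(r"^service: ([^\r\n]+)", re.MULTILINE),
    "alert_text": re.compile(r"^message: ([^\r\n]+)", re.MULTILINE),
}

MAX_FIELD_LEN = 256  # assumed cap so an oversized email cannot bloat the alert


def transform(alert):
    """Return a copy of alert with fields added from capture group 1.

    In this sketch the transformation applies only when every pattern matches;
    otherwise the alert is returned unchanged, so a malformed email never
    yields half-filled fields.
    """
    body = alert.get("state_message", "")
    extracted = {}
    for field, pattern in PATTERNS.items():
        match = pattern.search(body)
        if match is None:
            return dict(alert)
        extracted[field] = match.group(1).strip()[:MAX_FIELD_LEN]
    return {**alert, **extracted}


if __name__ == "__main__":
    for key, value in transform(SAMPLE_ALERT).items():
        print(f"{key}: {value!r}")
```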
For additional information on how to annotate alerts, see this article.
For help with AND/OR logic, see this article.