Dispatch Alerts to a Webhook
Anomify can dispatch alerts to a webhook.
Your webhook endpoint must:
- Accept a header of x-api-key with the key you provide us with to authenticate requests
- Accept a POST with a JSON payload with the event data
Every alert can consist of 3 individual POSTs.
- The initial event json
- An event update once all the correlations analysis is complete
- A final event update that will include all previous info, any subsequent info and the
end_timestamp
value
Initial event json
{
"data": {
"anomaly": {
"anomalyScore": 0.7,
"id": "256828",
"metric": "web-server-1.mysql.counters.handlerRead_rnd",
"timestamp": 1599563224,
"value": 143.544444
}
},
"status": {}
}
NOTE: that id
elements are always passed as a str
not an int
. The reason id
is typed as str
is because it is typed as str
in other responses like the possible related anomalies element. Because these are json objects the id
is the key of the json element and therefore must be typed as a str
which is why all id
objects are a str
.
An event update will be posted a few minutes later once all the correlations analysis has been completed with the same id
.
{
"data": {
"anomaly": {
"anomalyScore": 0.7,
"cross correlations": {
"web-server-1.cpu0.iowait": {
"coefficient": 0.95752,
"shifted": 0,
"shifted_coefficient": 0.95752
},
"web-server-1.mysql.counters.handlerRead_first": {
"coefficient": 0.93422,
"shifted": 0,
"shifted_coefficient": 0.93422
},
"web-server-1.mysql.counters.handlerRead_key": {
"coefficient": 0.9997,
"shifted": 0,
"shifted_coefficient": 0.9997
},
"web-server-1.mysql.counters.handlerRead_next": {
"coefficient": 0.99738,
"shifted": 0,
"shifted_coefficient": 0.99738
},
"web-server-1.mysql.general.selectRange": {
"coefficient": 0.97342,
"shifted": 0,
"shifted_coefficient": 0.97342
},
"web-server-1.procs_running": {
"coefficient": 0.9486,
"shifted": 0,
"shifted_coefficient": 0.9486
},
"web-server-1.total.iowait": {
"coefficient": 0.97975,
"shifted": 0,
"shifted_coefficient": 0.97975
},
"mail-server-1.cpu0.nice": {
"coefficient": 0.99993,
"shifted": 0,
"shifted_coefficient": 0.99993
}
},
"id": "256828",
"metric": "web-server-1.mysql.counters.handlerRead_rnd",
"possible related anomalies": {
"256826": {
"metric": "web-server-1.mysql.counters.handlerRead_key",
"timestamp": 1599563164
},
"256827": {
"metric": "web-server-1.mysql.general.selectRange",
"timestamp": 1599563224
}
},
"possible related matches": {
"169560": {
"timestamp": 1599563230,
"fp id": 8821,
"layer id": "None",
"metric": "web-server-2.mariadb.localhost:3306.mysql.bytes_sent"
},
"169561": {
"timestamp": 1599563235,
"fp id": 8555,
"layer id": "None",
"metric": "web-server-2.mariadb.localhost:3306.mysql.handler_read_next"
}
},
"timestamp": 1599563224,
"value": 143.544444
}
},
"status": {}
}
Later a final event update will be POSTED that will include all previous info, any subsequent info and the end_timestamp
value, which is the end of the anomalous period.
{
"data": {
"anomaly": {
"anomalyScore": 0.7,
"cross correlations": {
...
...
},
"end_timestamp": 1599563860,
"id": "256828",
"metric": "web-server-1.mysql.counters.handlerRead_rnd",
"possible related anomalies": {
...
...
},
"possible related matches": {
...
...
},
"timestamp": 1599563224,
"value": 143.544444
}
},
"status": {}
}