Notification Templates

What are Notification Templates?

Notification Templates define the format and content of notifications sent to different destinations. They allow customization of messages based on the notification type.

You create Notification Templates for email, Slack, PagerDuty, and webhook notifications. These templates can be used when configuring notifications alongside Notification Targets.

Note: Notification Templates are Optional when configuring Notifications.

Using Notification Templates

Notification Templates can be referenced while configuring notifications for Notifiable Objects using Spyctl. You can either specify a Notification Target or a Notification Template that map specific targets to templates like below.

Example usage with Spyctl:

Example:

spyctl notifications configure saved-query QUERY_UID \
  --target-map TARGET_NAME_OR_UID=TEMPLATE_NAME_OR_UID

Usage:

spyctl notifications configure saved-query query:abc \
  --target-map OperationsTeam=email-template \
  --cooldown 300

The $spyctl notifications configure command allows notifications to be sent using either Custom templates with Targets or directly via Targets (using Default Template).

Types:

Note: Below examples shows YAML Templates, but they can also be generated in JSON format.

Email

Email Notification Templates define the subject and body format for email notifications.

apiVersion: spyderbat/v1
kind: NotificationTemplate
metadata:
  name: email-template
  type: email
spec:
  subject: ''
  body_html: ''
  body_text: ''

Note: Users must populate subject, body_html, and body_text using placeholders to customize the email content.

spec:
  subject: "Spyderbat Alert: {{ severity }} Severity Detected"
  body_html: "<p>Alert triggered at {{ __hr_time__ }}</p><p>Details: {{ description }}</p>"
  body_text: "Alert triggered at {{ __hr_time__ }}. Details: {{ description }}"

Slack

Slack Notification Templates define the message structure for Slack notifications. Notification templates can be generated in YAML or JSON format as desired.

apiVersion: spyderbat/v1
kind: NotificationTemplate
metadata:
  name: slack
  type: slack
spec:
  text: ''
  blocks: []

After populating template:

apiVersion: spyderbat/v1
kind: NotificationTemplate
metadata:
  name: slack
  type: slack
spec:
  text: "Alert: {{ severity }} - {{ description }}"
  blocks:
    - type: section
      text:
        type: mrkdwn
        text: "*Alert Triggered at:* {{ __hr_time__ }}\n*Details:* {{ description }}"

Webhook

Webhook Notification Templates define the payload structure for webhook notifications.

apiVersion: spyderbat/v1
kind: NotificationTemplate
metadata:
  name: webhook-template
  type: webhook
spec:
  payload: {}
  entire_object: false

After populating template:

spec:
  payload:
    severity: "{{ severity }}"
    details: "{{ description }}"
    timestamp: "{{ __hr_time__ }}"

PagerDuty

PagerDuty Notification Templates define the format for alerts sent to PagerDuty.

apiVersion: spyderbat/v1
kind: NotificationTemplate
metadata:
  name: pg
  type: pagerduty
spec:
  class: null
  component: null
  source: ''
  summary: ''
  severity: ''
  dedup_key: null
  custom_details: {}
  group: null

After populating template:

spec:
  summary: "Spyderbat Saved Query '{{ __query_name__ }}' Matched"
  source: "{{ __source__ }}"
  severity: "{{ __pd_severity__ }}"
  custom_details: 
    "description": "{{ description }}"
    "cluster": "{{ __cluster__ }}"
    "time": "{{ __hr_time__ }}"
    "linkback": "{{ __linkback__ }}"

Use these templates to ensure consistent and structured notifications across different channels.

Placeholder Fields and Dynamic Variables

Some fields in Notification Templates are dynamically calculated and replaced at runtime using placeholders. These placeholders allow real-time data insertion into notification messages.

Understanding Placeholder Fields

Placeholder fields allow dynamic values to be inserted into notification templates. These fields are replaced with actual data when a notification is sent.

They're represent with syntax: __field__

Some Common Spyderbat Internal Placeholder Fields are:

{{ __source__ }} - Source of the event

{{ __cluster__ }} - Cluster where the event occurred

{{ __hr_time__ }} - Human-readable timestamp

{{ __linkback__ }} - Link to view the event in Spyderbat

{{ __time_int__ }} - Timestamp in integer format

{{ __origin__ }} - Origin of the event

{{ __hostname__ }} - Hostname where the event occurred

{{ __percent__ }} - Percentage value related to the event

{{ __pd_severity__ }} - Severity level formatted for PagerDuty

{{ __query_name__ }} - Name of the saved query that triggered the event

Example Usage in Email Body:

<p>Spyderbat Custom Flag "{{ custom_flag_name }}" Emitted</p>
<ul>
    <li>Cluster: {{ __cluster__ }}</li>
    <li>Source: {{ __source__ }}</li>
    <li>Time: {{ __hr_time__ }}</li>
</ul>
<p>{{ description }}</p>
<p><a href="{{ __linkback__ }}">View in Spyderbat</a></p>

Dereferencing Values from the Object:

Static fields or regular placeholders ({{ severity }}, {{ description }}) are fields that are passed directly from the model object. Static text remains unchanged and does not need placeholders.

• {{ severity }} - Severity level of the event

• {{ description }} - Description of the event

By customizing Notification Templates with placeholders, users can ensure notifications provide meaningful and actionable information tailored to their needs.

Conclusion

By following this guide, you can create well-structured, dynamic Notification Templates for different destinations. Using placeholders correctly ensures your notifications contain relevant, real-time data.

Manage Notification Templates Using Spyctl

Quick Start Tutorial

To quickly get started using using Spyderbat Notifications follow our tutorial using spyctl.