NRQL for alert condition is:
SELECT max(AppOpenFD) FROM AppOpenFDSample FACET entityKey
so tag.entityKey should be available to use in custom violation description.
But again, if it is not possible to pass custom violation description to webhook, then this is useless.
Maybe my approach is not correct.
Basically, I am monitoring number of open files on ASG member EC2 instances and I want to trigger a webhook if certain condition applies - let’s say number of open files in x minutes bigger than 10k - and pass instance ID of the EC2 instance that met the condition to AWS Event Bridge endpoint.
Based on this blog post:
I am trying to implement something like this:
- Number of Open Files Event (With EC2 instance ID as entityKey) >
- Policy with alert condition: query result bigger than 10k for at least 5 mins [query = ‘SELECT max(AppOpenFD) FROM AppOpenFDSample FACET entityKey’] >
- Same policy’s Notification channel set to Webhook with Event Bridge endpoint and eventKey of the instance that met the condition as payload.
@philweber you mentioned that it is not possible to pass custom payload to webhook. So how can I implement above solution to notify Event Bridge with a payload including entityKey (Instnace ID)?