AWS SNS, sending "continuous" notifications to slack - amazon-web-services

On a high level I wrote a lambda that notifies slack when there's an error or not.
From an aws tool-chain perspective, the tech design looks like this:
Acceptance Criteria (in BDD style)
Scenario: As an engineer I want to get notified if my lambda PASSED or FAILED whenever it executes
Given I have a lambda function that runs on a schedule (9am everyday)
Given I have a metric filter that looks for the string "error" in the logs
And I created an alarm that does the following:
# +------------------------+--------------+
# | ALARM |
# +------------------------+--------------+
# | Statistic | Sum |
# | Period | 5 minutes |
# | Threshold type | Static |
# | Alarm condition | >= threshold |
# | Threshold value | 1 |
# | Datapoints to Alarm | 1 of 1 |
# | missing data treatment | ignore |
# | Alarm State | in Alarm |
# +------------------------+--------------+
And I created another alarm that does the following:
# +------------------------+--------------+
# | OK |
# +------------------------+--------------+
# | Statistic | Sum |
# | Period | 5 minutes |
# | Threshold type | Static |
# | Alarm condition | <= threshold |
# | Threshold value | 1 |
# | Datapoints to Alarm | 1 of 1 |
# | missing data treatment | good |
# | Alarm State | OK |
# +------------------------+--------------+
Then EVERY TIME time my function executes without "error" Then I should get "OK"
Then EVERY TIME time my function executes with "error" then I should get "ALARM"
The actual behavior is it will send out a notification only ONCE, and it will only send again when the alarm type changes i.e.
ALARM -> OK
OK -> ALARM
I don't seem to get notifications for this pattern
ALARM -> ALRM
OK -> OK
Ideally I want to receive a notification every time function executes

There’s no need to use a CloudWatch alarm. If you want one message every time the Lambda executes, you should just publish the SNS message as the last thing inside your Lambda function.
try {
// existing code goes here...
snsClient.publish("my-chatbot-topic", "Some success message");
} catch (Exception e) {
snsClient.publish("my-chatbot-topic", "Some error message");
// rethrow the exception so that the lambda still fails for this
throw e;
}

As per AWS documentations:
Alarms invoke actions for sustained state changes only. CloudWatch
alarms don't invoke actions simply because they are in a particular
state, the state must have changed and been maintained for a specified
number of periods.
One solution is to stream the CW logs to a lambda function that sends the SNS messages.
With a fast search I found this code that does exactly this (I didn't try myself): https://github.com/codemonauts/aws-cloudwatch-stream-filter-sns-gateway

Related

Parse lines from messages in a Splunk query to be displayed as a chart on a dashboard

I generate events on multiple computers that list service names that aren't running. I want to make a chart that displays the top offending service names.
I can use the following to get a table for the dashboard:
ComputerName="*.ourDomain.com" sourcetype="WinEventLog:Application" EventCode=7223 SourceName="internalSystem"
| eval Date_Time=strftime(_time, "%Y-%m-%d %H:%M")
| table host, Date_Time, Message, EventCode
Typical Message(s) will contain:
The following services were not running after 5603 seconds and a start command has been sent:
Service1
Service2
The following services were not running after 985 seconds and a start command has been sent:
Service2
Service3
Using regex I can make a named group of everything but the first line with (?<Services>((?<=\n)).*)
However, I don't think this is the right approach as I don't know how to do a valuation for the chart with this information.
So in essence, how do I grab and tally service names from messages in Splunk?
Edit 1:
Coming back to this after a few days.
I created a field extraction called "Services" with regex that grabs the contents of each message after the first line.
If I use | stats count BY Services it counts each message as a whole instead of the lines inside. The results look like this:
Service1 Service2 | Count: 1
Service2 Service3 | Count: 1
My intention is to have it treat each line as its own value so the results would look like:
Service1 | Count: 1
Service2 | Count: 2
Service3 | Count: 1
I tried | mvexpand Services but it didn't change the output so I assume I'm either using it improperly or it's not applicable here.
I think you can do it with the stats command.
| stats count by service
will give a number of appearances for each service. You then can choose the bar chart visualization to create a graph.
I ended up using split() and mvexpand to solve this problem.
This is what worked in the end:
My search
| eval events=split(Service, "
")
| mvexpand events
| eval events=replace(events, "[\n\r]", "")
| stats count BY events
I had to add the replace() method because any event with just one service listed was being treated differently from an event with multiple, after the split on an event with multiple services each service had a carriage return, hence the replace.
My end result dashboard chart:
For Chart dropping down that is clean:
index="yourIndex" "<searchCriteria>" | stats count(eval(searchmatch("
<searchCriteria>"))) as TotalCount
count(eval(searchmatch("search1"))) as Name1
count(eval(searchmatch("search2" ))) as Name2
count(eval(searchmatch("search3"))) as Name3
| transpose 5
| rename column as "Name", "row 1" as "Count"
Horizontal table example with percentages:
index=something "Barcode_Fail" OR "Barcode_Success" | stats
count(eval(searchmatch("Barcode_Success"))) as SuccessCount
count(eval(searchmatch("Barcode_Fail"))) as FailureCount
count(eval(searchmatch("Barcode_*"))) as Totals | eval
Failure_Rate=FailureCount/Totals |eval Success_Rate=SuccessCount/Totals

Filtering by tags not working when using aws ec2 describe-instances from command line (cli)

I'm currently attempting to write an aws ec2 query from the command line (in AWS Linux, not that it should matter). I am trying to set a filter that matches both of the following:
Shows those instances that are in the off state (code 80), and;
Shows those instances who have a tag "ShortPurpose" whose value is "Fleet".
What is actually happening is that all instances in the off state are being returned, regardless of if they have the tag "ShortPurpose":"Fleet" set.
My instances are set up as so:
+-------------+--------------+------------------------+--+
| Instance ID | Tag | Tag Value | |
+-------------+--------------+------------------------+--+
| i-09876 | ShortPurpose | Fleet | |
| | Organisation | UmbrellaCorp | |
| | Name | cloud-01 | |
| | Owner | ORG-UMBR-ELLA | |
| | Purpose | Cloud processing fleet | |
+-------------+--------------+------------------------+--+
| | | | |
| i-12345 | (no tags) | | |
| | | | |
+-------------+--------------+------------------------+--+
The command I am using is:
aws ec2 describe-instances --query "Reservations[*].Instances[*].InstanceId" --filters "Name=tag:ShortPurpose,Values=Fleet,Name=instance-state-code,Values=80"
The results are the standard array style response. The instance state is successfully filtered upon, but not the tags.
I tried to verify your command and it produces errors as you wrote it:
Error parsing parameter '--filters': Second instance of key "Name" encountered for input:
Name=tag:ShortPurpose,Values=Fleet,Name=instance-state-code,Values=80
^
This is often because there is a preceeding "," instead of a space.
However, I was able to successful use it on my sandbox instances as follows:
aws ec2 describe-instances \
--query "Reservations[*].Instances[*].InstanceId" \
--filters Name=tag:ShortPurpose,Values=Fleet Name=instance-state-code,Values=80
I have discovered in one example in the AWS doumentation that I had the wrong query format. The correct query is:
aws ec2 describe-instances --query "Reservations[*].Instances[*].InstanceId" --filters "Name=tag-value,Values=Fleet" "Name=instance-state-code,Values=80"
Note that I'm ignoring the ShortPurpose tag and instead hunting directly for the value, which may exist in any tag.

How do I find change point in a timeseries in PoweBi

I have a group of people who started receiving a specific type of social benefit called benefitA, I am interested in knowing what(if any) social benefits the people in the group might have received immediately before they started receiving BenefitA.
My optimal result would be a table with the number people who was receiving respectively BenefitB, BenefitC and not receiving any benefit “BenefitNon” immediately before they started receiving BenefitA.
My data is organized as a relation database with a Facttabel containing an ID for each person in my data and several dimension tables connected to the facttabel. The important ones here at DimDreamYdelse(showing type of benefit received), DimDreamTid(showing week and year). Here is an example of the raw data.
Data Example
I'm not sure how to approach this in PowerBi as I am fairly new to this program. Any advice is most welcome.
I have tried to solve the problem in SQL but as I need this as part of a running report i need to do it in PowerBi. This bit of code might however give some context to what I want to do.
USE FLISDATA_Beskaeftigelse;
SELECT dbo.FactDream.DimDreamTid , dbo.FactDream.DimDreamBenefit , dbo.DimDreamTid.Aar, dbo.DimDreamTid.UgeIAar, dbo.DimDreamBenefit.Benefit,
FROM dbo.FactDream INNER JOIN
dbo.DimDreamTid ON dbo.FactDream.DimDreamTid = dbo.DimDreamTid.DimDreamTidID INNER JOIN
dbo.DimDreamYdelse ON dbo.FactDream.DimDreamBenefit = dbo.DimDreamYdelse.DimDreamBenefitID
WHERE (dbo.DimDreamYdelse.Ydelse LIKE 'Benefit%') AND (dbo.DimDreamTid.Aar = '2019')
ORDER BY dbo.DimDreamTid.Aar, dbo.DimDreamTid.UgeIAar
I suggest to use PowerQuery to transform your table into more suitable form for your analysis. Things would be much easier if each row of the table represents the "change" of benefit plan like this.
| Person ID | Benefit From | Benefit To | Date |
|-----------|--------------|------------|------------|
| 15 | BenefitNon | BenefitA | 2019-07-01 |
| 15 | BenefitA | BenefitNon | 2019-12-01 |
| 17 | BenefitC | BenefitA | 2019-06-01 |
| 17 | BenefitA | BenefitB | 2019-08-01 |
| 17 | BenefitB | BenefitA | 2019-09-01 |
| ...
Then you can simply count the numbers by COUNTROWS(BenefitChanges) filtering/slicing with both Benefit From and Benefit To.

Google Cloud Platform url resolving

In the billing usage report, links are given in the form of:
com.google.cloud/services/big-query/ActiveStorage
Does this correspond to an actual url? If so, what would that be?
At close look it looks like a namespace, as it's starts with com.
The link you posted actually describes as MeasurementId:
The ID of the type of resource that is being measured. For example,
VmimageN1Standard_1 to represent an n1-standard-1 machine type.
Example: com.google.cloud/services/compute‑engine/VmimageN1Standard_1
also gives an example that contains Resource URI
+-------------+--------------------------------------------------------------+----------+---------+----------------------------------------------------------------------------------------------------+-------------+---------------+
| Report Date | MeasurementId | Quantity | Unit | Resource URI | Resource ID | Location |
+-------------+--------------------------------------------------------------+----------+---------+----------------------------------------------------------------------------------------------------+-------------+---------------+
| 02/13/2014 | com.google.cloud/services/compute-engine/VmimageN1Standard_1 | 86400 | seconds | https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instances/my-instance | 16557630484 | us-central1-a |
+-------------+--------------------------------------------------------------+----------+---------+----------------------------------------------------------------------------------------------------+-------------+---------------+
I think you could actually use Resource URI instead of MeasurementId to match billing export items.

cucumber Repeat steps

I am learing cucumber and trying to write a feature file.
Following is my feature file.
Feature: Doctors handover Notes Module
Scenario: Search for patients on the bases of filter criteria
Given I am on website login page
When I put username, password and select database:
| Field | Value |
| username | test |
| password | pass |
| database | test|
Then I login to eoasis
Then I click on doctors hand over notes link
And I am on doctors handover notes page
Then I select sites, wards, onCallTeam, grades,potential Discharge, outstanding task,High priority:
| siteList | wardsList | onCallTeamList | gradesList | potentialDischargeCB | outstandingTasksCB | highPriorityCB |
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | null | null | null | null | null |
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | GENERAL MEDICINE | null | null | null | null |
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | GENERAL MEDICINE | CONSULTANT | null | null | null |
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | GENERAL MEDICINE | CONSULTANT | true | null | null |
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | GENERAL MEDICINE | CONSULTANT | true | true | null |
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | GENERAL MEDICINE | CONSULTANT | true | true | true |
Then I click on search button
Then I should see search results
I want to repeat last three steps like I select the search criteria then click on search button and then check search result. So how should I break this feature file. if I use scenario outline then there would be two different scenarios One for login and one for search criteria. Is that fine? Will the session will maintain in that case? Whats the best way to write such feature file.
Or is this a right way to write?
I don't think we can have multiple example sets in a Scenario Outline.
Most of the scenario steps in the example is too procedural to have its own step.
The first three steps could be reduced to something like.
Given I am logged into eoasis as a <user>
Code in the step definition, which could make calls to a separate login method that could take care of updating entering the username, password and selecting database.
Another rule is to avoid statements like "When I click the doctor's handover link". The keyword to avoid here being click. Today its a click, tomorrow it could be drop down or a button. So the focus should be on the functional expectation of the user, which is viewing the handover notes. So we modify this to
When I view the doctor's handover notes link
To summarize, this is how I would write this test.
Scenario Outline: Search for patients on the basis of filter criteria
Given I am logged into eoasis as a <user>
When I view the doctor's handover notes link
And I select sites, wards, onCallTeam, grades, potential Discharge, outstanding task, High priority
And perform a search
Then I should see the search results
Examples:
|sites |wards |onCallTeam |grades |potential Discharge |outstanding task |High priority|
| THE INFIRMARY | INFIRMARY WARD 9 - ASSESSMENT | null | null | null | null | null |
This really is the wrong way to write features. This feature is very declarative, its all about HOW you do something. What a feature should do is explain WHY you are doing something.
Another bad thing this feature does is mix up the details of two different operations, signing in, and searching for patients. Write a feature for each one e.g.
Feature: Signing in
As a doctor
I want my patients data to only be available if I sign in
So I ensure their confidentiality
Scenario: Sign in
Given I am a doctor
When I sign in
Then I should be signed in
Feature: Search for patients
Explain why searching for patients gives value to the doctor
...
You should focus on the name of the feature and the bit at the top that explains why this has value first. If you do that well then the scenarios are much easier to write (look how simple my sign in scenario is).
The art of writing features is doing this bit well, so that you end up with simple scenarios.