The default notification payloads for Slack are very out of date and recovery payloads cannot be edited at all. This means notifications sent to Slack have an unavoidably poor experience.
The current template has several issues which should be changed:
- Slack has labelled the "attachments" API as legacy functionality and explicitly recommends using the Block Kit API instead. [source]
- Sharing a message posted using the default template simply embeds the message into a new message, rather than posting a link to the message
- I can only assume this is because the contents of the message are "attachments"
- The `text` property is missing, preventing Slack from generating previews of messages in notifications
  - Messages sent using the existing payload are shown as `[no preview available]` in notifications
  - This field is marked as required in the Slack API docs [source]
- The entire `Query` is displayed in the text of the notification
  - This is redundant as the URL clicks through to a Sumo Logic search of the same query
  - It also gets out of hand very quickly with even a modest query, making the alerts very hard to read
  - The embedding of the full text of the query also makes it extremely easy to break the formatting on Slack
The suggestions are summarised as follows:
- Use Slack's Block Kit API in place of the legacy attachment API
- Include a `text` property in the payload for message previews
- Simply include a link to the query with a fixed label instead of the query text
- Where possible, link to the `AlertResponseURL` instead of an arbitrary Sumo Logic query
Additionally, redundant fields (such as including both `TriggerTime` and `TriggerTimeRange`) in the notification should be consolidated.
There are two sets of files: `alert` and `recovery`. Each set has two files: `current` and `suggestion`. The `current` files represent what the payload currently is, and the `suggestion` files represent a suggested payload to replace it. `alert` files are for critical/warning etc. notifications, and `recovery` files are for notifications sent when a monitor is resolved.
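
The issues and suggestions listed above can be checked mechanically before a template is saved. The following is an added example, not one of the files described here: both templates are constructed samples, `lint_template` is a hypothetical helper, and `{{Name}}` is assumed to be an available template variable (the other variables are the ones named in the text).

```python
import json

# Constructed sample templates (not the gist's files). {{Name}} is an assumed
# template variable; the others are the ones named in the text above.
LEGACY = json.dumps({
    "attachments": [{
        "pretext": "Alert: {{Name}}",
        "fields": [
            {"title": "Query", "value": "{{Query}}"},
            {"title": "Time", "value": "{{TriggerTime}}"},
            {"title": "Time Range", "value": "{{TriggerTimeRange}}"},
        ],
    }]
})

BLOCK_KIT = json.dumps({
    "text": "Alert: {{Name}}",  # plain-text fallback used for notification previews
    "blocks": [
        {"type": "section",
         "text": {"type": "mrkdwn", "text": "*Alert:* {{Name}}"}},
        {"type": "section",  # fixed-label link instead of the query text
         "text": {"type": "mrkdwn", "text": "<{{AlertResponseURL}}|View alert>"}},
        {"type": "context",
         "elements": [{"type": "mrkdwn", "text": "Triggered: {{TriggerTimeRange}}"}]},
    ],
})


def lint_template(template: str) -> list[str]:
    """Return the issues from the list above that a payload template exhibits."""
    payload = json.loads(template)  # also rejects templates that are not valid JSON
    issues = []
    if "attachments" in payload:
        issues.append("uses legacy attachments instead of Block Kit blocks")
    if not str(payload.get("text", "")).strip():
        issues.append("missing top-level text (no notification preview)")
    if "{{Query}}" in template:
        issues.append("embeds the full {{Query}} text")
    if "{{TriggerTime}}" in template and "{{TriggerTimeRange}}" in template:
        issues.append("includes both TriggerTime and TriggerTimeRange")
    return issues


if __name__ == "__main__":
    for name, tpl in (("legacy", LEGACY), ("block kit", BLOCK_KIT)):
        print(name, lint_template(tpl) or "ok")
```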