[📃 Docs]: disposable and enrich alert in trigger interval or manual (from workflow page) or incident #2995
Description
My question is in the context of enrichment in the resolve_old_alert case
- what does disposable true do?
- how does the enrichment rule work if you don't have an alert in the trigger?
- can I call subprocess in trigger interval or other with sending variables (for queried alerts in keep) ??
I currently have a case with zabbix, when I get data from it, but I don't know about resolving data. In an attempt to poll it again, I want to write updated data to alert for scope in trigger interval or manual (from workflow page) or incident. How I can poll and enrich using a trigger?
id: resolve-old-alerts
description: '-'
disabled: true
triggers:
- type: manual
- type: interval
value: 60
consts: {}
name: resolve-old-alerts
owners: []
services: []
steps:
- name: get-alerts
provider:
config: '{{ providers.default-keep }}'
type: keep
with:
filter: status == 'firing'
version: 2
actions:
- foreach: ' {{ steps.get-alerts.results }} '
if: keep.to_timestamp('{{ foreach.value.lastReceived }}') < keep.utcnowtimestamp() - 3600
name: resolve-alerts
provider:
config: '{{ providers.default-mock }}'
type: mock
with:
enrich_alert:
- disposable: true
key: status
value: resolved