The tool also provides an enrichment library, past executions, continuous monitoring, and an interpretation layer. Users can define a playbook with their enrichment logic, configure it to auto-trigger based on a Slack alert received in a channel, and receive an automated investigation summary in the Slack thread for the same alert. The article also provides instructions on getting started with alert enrichment using the latest stable version via Docker Compose or Helm on a Kubernetes cluster, or by building from source.
Key takeaways:
- PlayBooks are executable notebooks designed to automate preliminary investigations in production for engineers. They support a variety of integrations including running bash commands on a remote server, fetching logs from AWS CloudWatch and Azure Log Analytics, querying PostgreSQL, ClickHouse or any other JDBC-compatible databases, and more.
- PlayBooks can be automated to trigger based on a Slack alert received in a channel, providing an automated investigation summary in the Slack thread for the same alert.
- The tool supports fetching 50+ types of enrichment data from metric sources, logs & events, and databases. It also allows for continuous monitoring setup for specific use cases and has an interpretation layer for configuring ML modules to analyze and interpret data.
- Getting started with PlayBooks involves using the latest stable version via Docker Compose or Helm on a Kubernetes cluster, or building from source. A step-by-step guide is provided for the first alert enrichment.