Event aggregation
If things go wrong, many events may be sent to marbot, resulting in similar alerts. To avoid a flood of alerts, marbot groups similar events into one alert (deduplication). marbot will keep you updated about the number of events aggregated into one alert.
By default, alerts are grouped for seven days and notifications for one minute. If you close an alert, the aggregation starts again as well.
Sample Alert
Alert aggregation in Slack:
Configuration
You can configure the window size for both alerts and notifications. Send a message in a channel mentioning @marbot:
@marbot Configure this endpoint!
What is a similar event?
The answer depends heavily on the integration, as the following table shows.
| Integration | Definition of similar |
|---|---|
| Amazon CloudWatch Alarm | Account ID, region, name, and state must match |
| Amazon DevOps Guru Notification | Account ID, region, message type, and insight ID must match |
| Amazon ElastiCache Notification | Event type and cache ID must match |
| Amazon EventBridge | Depends on the type |
| Amazon Inspector Notification | Account ID, region, event type, and template name must match |
| Amazon Linux AMI Update Notification | Version must match |
| Amazon S3 Event Notifications | Bucket name, object key, and event name must match |
| Amazon Simple Email Service (SES) Event | Event type and message ID must match |
| Amazon Simple Email Service (SES) Notification | Notification type and message ID must match |
| AWS Auto Scaling Notification | Account ID, region, name, and event type must match |
| AWS Backup Notification | Account ID, region, and backup job ID must match |
| AWS Budget Notification | Budget type and budget name must match |
| AWS CodePipeline Approval | Region and pipeline name must match |
| AWS CodeStar Notification | Account ID, region, source, and detail type must match |
| AWS Elastic Beanstalk Notification | Event type, application name, and environment name must match |
| AWS IoT Device Defender Audit Event | Account ID, region, and task ID must match |
| AWS IoT Device Defender Violation Event | Account ID, region, violation event type, and security profile name must match |
| AWS Price List Notification | Operation and offer code must match |
| AWS RDS Event | Event ID and source ID must match |
| AWS Trusted Advisor Weekly Update | Account ID must match |
| AWS Systems Manager Notification | Account ID, region, and document name must match |
| Bitbucket | Event type, repository name, (pull request id) must match |
| bucketAV - Antivirus for Amazon S3 | Scan status and bucket name must match |
| UptimeRobot | Alert type and monitor URL must match |
| Generic | Keys must match (or value if only one key is present) |
Chatbot for AWS Monitoring
Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.
