I’m trying to combine multiple alerts from Checkmk into a single summary message in Lark. Checkmk sends a separate notification (via a webhook script) for every service that changes state (e.g., 20 services go CRITICAL = 20 webhook calls). My current workflow (Webhook → Loop → Lark) sends 20 messages, which is too spammy.
As far as I can see, each external event triggers the webhook as an independent execution and between each execution they have no access to and about each other. so the normal outcome is that it sends 20 individual messages.
There might be other ways but IMHO you need external storage to store state
Something like this:
Webhook call X is triggered y times → writes into a file or DB , this event , this time has happened
An additional WF or trigger detects (new file or new rows in DB:
get triggered. waits Z amount of time (you define this) and after that it reads all the events that happened between the first one and the wait time and send one message out with all the events.
this allows for the events to be combined and you have still all the original data about when and what.
Hello, thank you for your suggestion; I appreciate it.
This is my current workflow:
Webhook → filter status → edit fields → store in postgres
My sub-workflow:
Every 1 minute trigger → fetch new records exist in db → code to group them by hostname → send it to Lark
I shouldn’t be struggling with the fact that I must send all services down in one message. In real world that rarely happens, and it’s not wrong to send per message per service (Duting testing, ofc it spam >22 messages together this is bad)
Hi, you are right. During a production event it’s better to receive 20 individual messages as compared to 1 aggregated. As with the latter one you might mis-judge the gravity. Good luck
