From 0aa827f62c6c4202631fceb16158d7d7dad0fa87 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Thu, 25 Feb 2021 08:43:01 -0500 Subject: [PATCH 01/12] Alert type template --- docs/alert-type-template.asciidoc | 47 +++++++++++ docs/user/alerting/alert-types.asciidoc | 2 +- docs/user/alerting/defining-alerts.asciidoc | 5 +- .../alerting/stack-alerts/es-query.asciidoc | 22 +++--- .../stack-alerts/index-threshold.asciidoc | 79 ++++++++----------- x-pack/plugins/alerts/README.md | 6 +- 6 files changed, 99 insertions(+), 62 deletions(-) create mode 100644 docs/alert-type-template.asciidoc diff --git a/docs/alert-type-template.asciidoc b/docs/alert-type-template.asciidoc new file mode 100644 index 0000000000000..9511e469c988b --- /dev/null +++ b/docs/alert-type-template.asciidoc @@ -0,0 +1,47 @@ +[[alert-type-]] +=== + +Include a short description of the alert type. + +[float] +==== Create the alert + +Fill in the <>, then select **. + +//// +Optional, include a screenshot +[role="screenshot"] +image::user/alerting/images/alert-types--select.png[Choose an alert type] +//// + +[float] +==== Conditions + +Include all of the conditions for this alert type and a short description of each. + +//// +Optional, include a screenshot +[role="screenshot"] +image::user/alerting/images/alert-types--conditions.png[Conditions for alert type] +//// + +Condition1:: This is a condition the user must define. +Condition2:: This is another condition the user must define. + +[float] +==== Action variables + +When the alert condition is met, the following variables are available to each action, in addition to the <>: + +`context.variableA`:: A short description of the context variable defined by the alert type. +`context.variableB`:: A short description of the context variable defined by the alert type with an example. Example: `this is what variableB outputs`. + +<> to the alert to use these variables. + +//// +Optional, include a step-by-step example for creating this alert +[float] +==== Example + +In this section, you will use the {kib} <> to setup and tune the conditions on an alert. For this example, we want to detect when . +//// \ No newline at end of file diff --git a/docs/user/alerting/alert-types.asciidoc b/docs/user/alerting/alert-types.asciidoc index 993d815c37f71..d00e113ed7c73 100644 --- a/docs/user/alerting/alert-types.asciidoc +++ b/docs/user/alerting/alert-types.asciidoc @@ -10,7 +10,7 @@ Kibana provides two types of alerts: [float] ==== Standard stack alerts -Users require the `all` privilege to access to the *Stack Alerts* feature and create and edit alerts. . +Users require the `all` privilege to access to the *Stack Alerts* feature and create and edit alerts. See <> for more information. {kib} provides two stack alerts: diff --git a/docs/user/alerting/defining-alerts.asciidoc b/docs/user/alerting/defining-alerts.asciidoc index 77a4e5cc41ef2..bd2ed687171e6 100644 --- a/docs/user/alerting/defining-alerts.asciidoc +++ b/docs/user/alerting/defining-alerts.asciidoc @@ -5,9 +5,9 @@ {kib} alerts can be created in a variety of apps including <>, <>, <>, <> and from <> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail. [float] -=== Alert flyout +=== Creating an alert -When an alert is created in an app, the app will display a flyout panel with three main sections to configure: +When you create an alert, you need to define the alert details, the conditions and the actions. . <> . <> @@ -69,6 +69,7 @@ Each action type exposes different properties. For example an email action allow image::images/alert-flyout-action-details.png[UI for defining an email action] [float] +[[defining-alerts-actions-variables]] ==== Action variables Using the https://mustache.github.io/[Mustache] template syntax `{{variable name}}`, you can pass alert values at the time a condition is detected to an action. You can access the list of available variables using the "add variable" button. Although available variables differ by alert type, all alert types pass the following variables: diff --git a/docs/user/alerting/stack-alerts/es-query.asciidoc b/docs/user/alerting/stack-alerts/es-query.asciidoc index 9f4a882328b9f..2b65ff85eae44 100644 --- a/docs/user/alerting/stack-alerts/es-query.asciidoc +++ b/docs/user/alerting/stack-alerts/es-query.asciidoc @@ -6,20 +6,20 @@ The ES query alert type is designed to run a user-configured {es} query over ind actions to run when the threshold condition is met. [float] -==== Creating the alert +==== Create the alert -An ES query alert can be created from the *Create* button in the <>. Fill in the <>, then select *ES query*. +Fill in the <>, then select *ES query*. [role="screenshot"] -image::user/alerting/images/alert-types-es-query-select.png[Choosing an ES query alert type] +image::user/alerting/images/alert-types-es-query-select.png[Choose an ES query alert type] [float] -==== Defining the conditions +==== Conditions The ES query alert has 5 clauses that define the condition to detect. [role="screenshot"] -image::user/alerting/images/alert-types-es-query-conditions.png[Four clauses define the condition to detect] +image::user/alerting/images/alert-types-es-query-conditions.png[Five clauses define the condition to detect] Index:: This clause requires an *index or index pattern* and a *time field* that will be used for the *time window*. Size:: This clause specifies the number of documents to pass to the configured actions when the the threshold condition is met. @@ -31,7 +31,7 @@ Time window:: This clause determines how far back to search for documents, using [float] ==== Action variables -When the ES query alert condition is met, the following variables are available to use inside each action: +When the ES query alert condition is met, the following variables are available to each action, in addition to the <>: `context.title`:: A preconstructed title for the alert. Example: `alert term match alert query matched`. `context.message`:: A preconstructed message for the alert. Example: + @@ -45,22 +45,24 @@ When the ES query alert condition is met, the following variables are available `context.value`:: The value of the alert that met the condition. `context.conditions`:: A description of the condition. Example: `count greater than 4`. `context.hits`:: The most recent ES documents that matched the query. Using the https://mustache.github.io/[Mustache] template array syntax, you can iterate over these hits to get values from the ES documents into your actions. - ++ [role="screenshot"] image::images/alert-types-es-query-example-action-variable.png[Iterate over hits using Mustache template syntax] +<> to the alert to use these variables. + [float] -==== Testing your query +==== Test your query Use the *Test query* feature to verify that your query DSL is valid. When your query is valid:: Valid queries will be executed against the configured *index* using the configured *time window*. The number of documents that match the query will be displayed. - ++ [role="screenshot"] image::user/alerting/images/alert-types-es-query-valid.png[Test ES query returns number of matches when valid] When your query is invalid:: An error message is shown if the query is invalid. - ++ [role="screenshot"] image::user/alerting/images/alert-types-es-query-invalid.png[Test ES query shows error when invalid] \ No newline at end of file diff --git a/docs/user/alerting/stack-alerts/index-threshold.asciidoc b/docs/user/alerting/stack-alerts/index-threshold.asciidoc index 6b45f69401c4a..e651d2ccd89ac 100644 --- a/docs/user/alerting/stack-alerts/index-threshold.asciidoc +++ b/docs/user/alerting/stack-alerts/index-threshold.asciidoc @@ -5,15 +5,15 @@ The index threshold alert type is designed to run an {es} query over indices, aggregating field values from documents, comparing them to threshold values, and scheduling actions to run when the thresholds are met. [float] -==== Creating the alert +==== Create the alert -An index threshold alert can be created from the *Create* button in the <>. Fill in the <>, then select *Index Threshold*. +Fill in the <>, then select *Index Threshold*. [role="screenshot"] -image::user/alerting/images/alert-types-index-threshold-select.png[Choosing an index threshold alert type] +image::user/alerting/images/alert-types-index-threshold-select.png[Choose an index threshold alert type] [float] -==== Defining the conditions +==== Conditions The index threshold has 5 clauses that define the condition to detect. @@ -34,7 +34,7 @@ image::user/alerting/images/alert-types-index-threshold-preview.png[Five clauses [float] ==== Action variables -When the index threshold alert condition is met, the following variables are available to use inside each action: +When the index threshold alert condition is met, the following variables are available to each action, in addition to the <>: `context.title`:: A preconstructed title for the alert. Example: `alert kibana sites - high egress met threshold`. `context.message`:: A preconstructed message for the alert. Example: + @@ -48,71 +48,56 @@ When the index threshold alert condition is met, the following variables are ava `context.value`:: The value for the alert that met the threshold condition. `context.conditions`:: A description of the threshold condition. Example: `count greater than 4` +<> to the alert to use these variables. + [float] ==== Example In this section, you will use the {kib} <> to setup and tune the conditions on an index threshold alert. For this example, we want to detect when any of our top three sites have served more than 420,000 bytes over a 24 hour period. -From the <>, create a new alert, and fill in the <>. This alert will be checked every 4 hours, and will not execute actions more than once per day. Choose the index threshold alert type. - +. From the <>, create a new alert and fill in the <>. This alert will be checked every 4 hours, and will only execute actions when the alert status changes. Choose the index threshold alert type. ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-select.png[Choosing an index threshold alert type] -Click on each clause to open a control that helps you set the value: - -[float] -==== Index clause -The index clause control will list and allow you to search for available indices. Choose *kibana_sample_data_logs* - +. Click on each clause to open a control that helps you set the value: ++ +Index clause:: The index clause control will list and allow you to search for available indices. Choose *kibana_sample_data_logs* ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-index.png[Choosing an index] - ++ Once an index is selected, the list of time fields for that index will be available to select. Choose *@timestamp*. - ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-timefield.png[Choosing a time field] - -[float] -==== When clause - -We want to detect the number of bytes served during the time window, so we select `sum` as the aggregation, and `bytes` as the field to aggregate. - ++ +When clause:: We want to detect the number of bytes served during the time window, so we select `sum` as the aggregation, and `bytes` as the field to aggregate. ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-aggregation.png[Choosing the aggregation] - -[float] -==== Over/Grouped over clause - -We want to alert on the three sites that have the most traffic, so we'll group the sum of bytes by the `host.keyword` field and take the top 3 values. - ++ +Over/Grouped over clause:: We want to alert on the three sites that have the most traffic, so we'll group the sum of bytes by the `host.keyword` field and take the top 3 values. ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-grouping.png[Choosing the groups] - -[float] -==== Threshold clause - -We want to alert when any site exceeds 420,000 bytes over a 24 hour period, so we'll set the threshold to 420,000 and use the `is above` comparison. - ++ +Threshold clause:: We want to alert when any site exceeds 420,000 bytes over a 24 hour period, so we'll set the threshold to 420,000 and use the `is above` comparison. ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-threshold.png[Setting the threshold] - -[float] -==== Time window clause - -Finally, set the time window to 24 hours to complete the alert configuration. - ++ +Time window clause:: Finally, set the time window to 24 hours to complete the alert configuration. ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-window.png[Setting the time window] -The preview chart will render showing the 24 hour sum of bytes at 4 hours intervals (the *check every* interval) for the past 120 hours (the last 30 intervals). - +. The preview chart will render showing the 24 hour sum of bytes at 4 hours intervals (the *check every* interval) for the past 120 hours (the last 30 intervals). ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-preview.png[Setting the time window] - -[float] -==== Comparing time windows - -You can interactively change the time window and observe the effect it has on the chart. Compare a 24 window to a 12 hour window. Notice the variability in the sum of bytes, due to different traffic levels during the day compared to at night. This variability would result in noisy alerts, so the 24 hour window is better. The preview chart can help you find the right values for your alert. - ++ +Comparing time windows:: You can interactively change the time window and observe the effect it has on the chart. Compare a 24 window to a 12 hour window. Notice the variability in the sum of bytes, due to different traffic levels during the day compared to at night. This variability would result in noisy alerts, so the 24 hour window is better. The preview chart can help you find the right values for your alert. ++ [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-comparison.png[Comparing two time windows] \ No newline at end of file diff --git a/x-pack/plugins/alerts/README.md b/x-pack/plugins/alerts/README.md index aab848d4555d2..0e922e0a475ba 100644 --- a/x-pack/plugins/alerts/README.md +++ b/x-pack/plugins/alerts/README.md @@ -110,9 +110,9 @@ This is the primary function for an alert type. Whenever the alert needs to exec |createdBy|The userid that created this alert.| |updatedBy|The userid that last updated this alert.| -### The `actionVariables` property +### Action Variables -This property should contain the **flattened** names of the state and context variables available when an executor calls `alertInstance.scheduleActions(actionGroup, context)`. These names are meant to be used in prompters in the alerting user interface, are used as text values for display, and can be inserted into to an action parameter text entry field via UI gesture (eg, clicking a menu item from a menu built with these names). They should be flattened, so if a state or context variable is an object with properties, these should be listed with the "parent" property/properties in the name, separated by a `.` (period). +The `actionVariables` property should contain the **flattened** names of the state and context variables available when an executor calls `alertInstance.scheduleActions(actionGroup, context)`. These names are meant to be used in prompters in the alerting user interface, are used as text values for display, and can be inserted into to an action parameter text entry field via UI gesture (eg, clicking a menu item from a menu built with these names). They should be flattened, so if a state or context variable is an object with properties, these should be listed with the "parent" property/properties in the name, separated by a `.` (period). For example, if the `context` has one variable `foo` which is an object that has one property `bar`, and there are no `state` variables, the `actionVariables` value would be in the following shape: @@ -124,6 +124,8 @@ For example, if the `context` has one variable `foo` which is an object that has } ``` +### Documentation +We suggest you add user documentation for your alert type following the template provided in `docs/alert-type-template.asciidoc`. The [Index Threshold alert type](https://www.elastic.co/guide/en/kibana/master/alert-type-index-threshold.html) is an example of documentation created following the template. ### Example This example receives server and threshold as parameters. It will read the CPU usage of the server and schedule actions to be executed (asynchronously by the task manager) if the reading is greater than the threshold. From 4222fc47f3edcedeebf83f1cdd33f480bcc7f5da Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Thu, 25 Feb 2021 10:42:39 -0500 Subject: [PATCH 02/12] Action type template --- docs/action-type-template.asciidoc | 71 ++++++++++++++++++ .../user/alerting/action-types/email.asciidoc | 72 ++++++++----------- .../user/alerting/action-types/index.asciidoc | 31 +++----- docs/user/alerting/action-types/jira.asciidoc | 45 +++++------- .../alerting/action-types/pagerduty.asciidoc | 34 +++------ .../alerting/action-types/resilient.asciidoc | 45 +++++------- .../alerting/action-types/server-log.asciidoc | 4 +- .../alerting/action-types/servicenow.asciidoc | 41 ++++------- .../user/alerting/action-types/slack.asciidoc | 19 ++--- .../user/alerting/action-types/teams.asciidoc | 21 ++---- .../alerting/action-types/webhook.asciidoc | 58 ++++++--------- x-pack/plugins/actions/README.md | 56 +-------------- 12 files changed, 207 insertions(+), 290 deletions(-) create mode 100644 docs/action-type-template.asciidoc diff --git a/docs/action-type-template.asciidoc b/docs/action-type-template.asciidoc new file mode 100644 index 0000000000000..c6c459c352fc3 --- /dev/null +++ b/docs/action-type-template.asciidoc @@ -0,0 +1,71 @@ +[[-action-type]] +=== action + +Include a short description of the action type. + +[float] +[[-connector-configuration]] +==== Connector configuration + + connectors have the following configuration properties. + +//// +List of user-facing connector configurations. This should align with the fields available in the Create connector flyout form for this action type. +//// + +Property1:: A short description of this property. +Property2:: A short description of this property with format hints. This can be specified in `this specific format`. + +[float] +[[Preconfigured--configuration]] +==== Preconfigured action type + +//// +Example preconfigured format for this action type +//// + +[source,text] +-- + my-: + name: preconfigured--action-type + actionTypeId: . + config: <1> + property1: value1 + property2: value2 + secrets: <2> + property3: value3 +-- + +[float] +[[-connector-config-properties]] +//// +List of properties from the ConfigSchema and SecretsSchema for this action type. +//// +<1> Config defines information for the action type and contains the following properties. ++ +`property1`:: A short description of this property. ++ +`property2`:: A short descriptionn of this property. + +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`property3`:: A short descriptionn of this property. + +[float] +[[-action-configuration]] +==== Action configuration + + actions have the following configuration properties. + +//// +List of user-facing action configurations. This should align with the fields available in the Action section of the Create/Update alert flyout. +//// + +Property1:: A short description of this property. +Property2:: A short description of this property with format hints. This can be specified in `this specific format`. + +//// +Optional - additional configuration details here +[[configuring-]] +==== Configuring +//// \ No newline at end of file diff --git a/docs/user/alerting/action-types/email.asciidoc b/docs/user/alerting/action-types/email.asciidoc index 0c238da1b39e3..d0a566b69c577 100644 --- a/docs/user/alerting/action-types/email.asciidoc +++ b/docs/user/alerting/action-types/email.asciidoc @@ -10,14 +10,15 @@ NOTE: For emails to have a footer with a link back to {kib}, set the <"` format. See the https://nodemailer.com/message/addresses/[Nodemailer address documentation] for more information. Host:: Host name of the service provider. If you are using the <> setting, make sure this hostname is added to the allowed hosts. Port:: The port to connect to on the service provider. Secure:: If true, the connection will use TLS when connecting to the service provider. Refer to the https://nodemailer.com/smtp/#tls-options[Nodemailer TLS documentation] for more information. If not true, the connection will initially connect over TCP, then attempt to switch to TLS via the SMTP STARTTLS command. -User:: Username for login type authentication. +Require authentication:: If true, a username and password for login type authentication must be provided. +Username:: Username for login type authentication. Password:: Password for login type authentication. [float] @@ -29,66 +30,49 @@ Password:: Password for login type authentication. my-email: name: preconfigured-email-action-type actionTypeId: .email - config: + config: <1> from: testsender@test.com host: validhostname port: 8080 secure: false - secrets: + secrets: <2> user: testuser password: passwordkeystorevalue -- -[[email-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: - -[cols="2*<"] -|=== - -| `service` -| The name of a https://nodemailer.com/smtp/well-known/[well-known email service provider]. If `service` is provided, `host`, `port`, and `secure` properties are ignored. For more information on the `gmail` service value, see the (https://nodemailer.com/usage/using-gmail/)[Nodemailer Gmail documentation]. - -| `from` -| An email address that corresponds to *Sender*. - -| `host` -| A string that corresponds to *Host*. - -| `port` -| A number that corresponds to *Port*. - -| `secure` -| A boolean that corresponds to *Secure*. - -| `hasAuth` -| If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. - -|=== - -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -| `user` -| A string that corresponds to *User*. Required if `hasAuth` is set to `true`. - -| `password` -| A string that corresponds to *Password*. Should be stored in the <>. Required if `hasAuth` is set to `true`. - -|=== +<1> Config defines information for the action type and contains the following properties. ++ +`service`:: The name of a https://nodemailer.com/smtp/well-known/[well-known email service provider]. If `service` is provided, `host`, `port`, and `secure` properties are ignored. For more information on the `gmail` service value, see the (https://nodemailer.com/usage/using-gmail/)[Nodemailer Gmail documentation]. ++ +`from`:: An email address that corresponds to *Sender*. ++ +`host`:: A string that corresponds to *Host*. ++ +`port`:: A number that corresponds to *Port*. ++ +`secure`:: A boolean that corresponds to *Secure*. ++ +`hasAuth`:: A boolean that corresponds to *Requires authentication*. If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. + +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`user`:: A string that corresponds to *Username*. Required if `hasAuth` is set to `true`. ++ +`password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `hasAuth` is set to `true`. +''' +[float] [[email-action-configuration]] ==== Action configuration -Email actions have the following configuration properties: +Email actions have the following configuration properties. To, CC, BCC:: Each is a list of addresses. Addresses can be specified in `user@host-name` format, or in `name ` format. One of To, CC, or BCC must contain an entry. Subject:: The subject line of the email. Message:: The message text of the email. Markdown format is supported. [[configuring-email]] -==== Configuring email accounts +==== Configuring email accounts for well-known services The email action can send email using many popular SMTP email services. diff --git a/docs/user/alerting/action-types/index.asciidoc b/docs/user/alerting/action-types/index.asciidoc index 7ecc1cdb4f74e..73b489de3fb22 100644 --- a/docs/user/alerting/action-types/index.asciidoc +++ b/docs/user/alerting/action-types/index.asciidoc @@ -8,7 +8,7 @@ The index action type will index a document into {es}. See also the {ref}/indice [[index-connector-configuration]] ==== Connector configuration -Index connectors have the following configuration properties: +Index connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. Index:: The {es} index to be written to. @@ -24,35 +24,26 @@ Execution time field:: This field will be automatically set to the time the ale my-index: name: action-type-index actionTypeId: .index - config: + config: <1> index: .kibana refresh: true executionTimeField: somedate -- -[[index-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: - -[cols="2*<"] -|=== - -|`index` -| A string that corresponds to *Index*. - -|`refresh` -| A boolean that corresponds to *Refresh*. Defaults to `false`. - -|`executionTimeField` -| A string that corresponds to *Execution time field*. - -|=== - +<1> Config defines information for the action type and contains the following properties. ++ +`index`:: A string that corresponds to *Index*. ++ +`refresh`:: A boolean that corresponds to *Refresh*. Defaults to `false`. ++ +`executionTimeField`:: A string that corresponds to *Execution time field*. +''' [float] [[index-action-configuration]] ==== Action configuration -Index actions have the following properties: +Index actions have the following properties. Document:: The document to index in JSON format. diff --git a/docs/user/alerting/action-types/jira.asciidoc b/docs/user/alerting/action-types/jira.asciidoc index 0740cf7838b15..e4cf5b3afa500 100644 --- a/docs/user/alerting/action-types/jira.asciidoc +++ b/docs/user/alerting/action-types/jira.asciidoc @@ -8,7 +8,7 @@ The Jira action type uses the https://developer.atlassian.com/cloud/jira/platfor [[jira-connector-configuration]] ==== Connector configuration -Jira connectors have the following configuration properties: +Jira connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action. URL:: Jira instance URL. @@ -25,45 +25,32 @@ API token (or password):: Jira API authentication token (or password) for HTTP my-jira: name: preconfigured-jira-action-type actionTypeId: .jira - config: + config: <1> apiUrl: https://elastic.atlassian.net projectKey: ES - secrets: + secrets: <2> email: testuser apiToken: tokenkeystorevalue -- -[[jira-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: +<1> Config defines information for the action type and contains the following properties. ++ +`apiUrl`:: An address that corresponds to *URL*. ++ +`projectKey`:: A key that corresponds to *Project Key*. -[cols="2*<"] -|=== - -| `apiUrl` -| An address that corresponds to *URL*. - -| `projectKey` -| A key that corresponds to *Project Key*. - -|=== - -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -| `email` -| A string that corresponds to *Email*. - -| `apiToken` -| A string that corresponds to *API Token*. Should be stored in the <>. - -|=== +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`email`:: A string that corresponds to *Email*. ++ +`apiToken`:: A string that corresponds to *API Token*. Should be stored in the <>. +''' +[float] [[jira-action-configuration]] ==== Action configuration -Jira actions have the following configuration properties: +Jira actions have the following configuration properties. Subaction:: The subaction to perform: `pushToService`, `getIncident`, `issueTypes`, `fieldsByIssueType`, `issues`, `issue`, or `getFields`. Subaction params:: The parameters of the subaction. diff --git a/docs/user/alerting/action-types/pagerduty.asciidoc b/docs/user/alerting/action-types/pagerduty.asciidoc index c3185aaad553a..6c8885d5ae876 100644 --- a/docs/user/alerting/action-types/pagerduty.asciidoc +++ b/docs/user/alerting/action-types/pagerduty.asciidoc @@ -129,7 +129,7 @@ This is an irreversible action and impacts all alerts that use this connector. [[pagerduty-connector-configuration]] ==== Connector configuration -PagerDuty connectors have the following configuration properties: +PagerDuty connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. API URL:: An optional PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. If you are using the <> setting, make sure the hostname is added to the allowed hosts. @@ -144,38 +144,26 @@ Integration Key:: A 32 character PagerDuty Integration Key for an integration my-pagerduty: name: preconfigured-pagerduty-action-type actionTypeId: .pagerduty - config: + config: <1> apiUrl: https://test.host - secrets: + secrets: <2> routingKey: testroutingkey -- -[[pagerduty-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: - -[cols="2*<"] -|=== - -|`apiURL` -| A URL string that corresponds to *API URL*. - -|=== - -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -|`routingKey` -| A string that corresponds to *Integration Key*. +<1> Config defines information for the action type and contains the following properties. ++ +`apiURL`:: A URL string that corresponds to *API URL*. -|=== +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`routingKey`:: A string that corresponds to *Integration Key*. +''' [float] [[pagerduty-action-configuration]] ==== Action configuration -PagerDuty actions have the following properties: +PagerDuty actions have the following properties. Severity:: The perceived severity of on the affected system. This can be one of `Critical`, `Error`, `Warning` or `Info`(default). Event action:: One of `Trigger` (default), `Resolve`, or `Acknowledge`. See https://v2.developer.pagerduty.com/docs/events-api-v2#event-action[event action] for more details. diff --git a/docs/user/alerting/action-types/resilient.asciidoc b/docs/user/alerting/action-types/resilient.asciidoc index dfa95e2deec00..e1d8755e245fa 100644 --- a/docs/user/alerting/action-types/resilient.asciidoc +++ b/docs/user/alerting/action-types/resilient.asciidoc @@ -8,7 +8,7 @@ The IBM Resilient action type uses the https://developer.ibm.com/security/resili [[resilient-connector-configuration]] ==== Connector configuration -IBM Resilient connectors have the following configuration properties: +IBM Resilient connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action. URL:: IBM Resilient instance URL. @@ -25,45 +25,32 @@ API key secret:: The authentication key secret for HTTP Basic authentication. my-resilient: name: preconfigured-resilient-action-type actionTypeId: .resilient - config: + config: <1> apiUrl: https://elastic.resilient.net orgId: ES - secrets: + secrets: <2> apiKeyId: testuser apiKeySecret: tokenkeystorevalue -- -[[resilient-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: +<1> Config defines information for the action type and contains the following properties. ++ +`apiUrl`:: An address that corresponds to *URL*. ++ +`orgId`:: An ID that corresponds to *Organization ID*. -[cols="2*<"] -|=== - -| `apiUrl` -| An address that corresponds to *URL*. - -| `orgId` -| An ID that corresponds to *Organization ID*. - -|=== - -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -| `apiKeyId` -| A string that corresponds to *API key ID*. - -| `apiKeySecret` -| A string that corresponds to *API Key secret*. Should be stored in the <>. - -|=== +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`apiKeyId`:: A string that corresponds to *API key ID*. ++ +`apiKeySecret`:: A string that corresponds to *API Key secret*. Should be stored in the <>. +''' +[float] [[resilient-action-configuration]] ==== Action configuration -IBM Resilient actions have the following configuration properties: +IBM Resilient actions have the following configuration properties. Subaction:: The subaction to perform: `pushToService`, `getFields`, `incidentTypes`, or `severity`. Subaction params:: The parameters of the subaction. diff --git a/docs/user/alerting/action-types/server-log.asciidoc b/docs/user/alerting/action-types/server-log.asciidoc index 276f64e7786bd..b300030c21433 100644 --- a/docs/user/alerting/action-types/server-log.asciidoc +++ b/docs/user/alerting/action-types/server-log.asciidoc @@ -8,7 +8,7 @@ This action type writes an entry to the {kib} server log. [[server-log-connector-configuration]] ==== Connector configuration -Server log connectors have the following configuration properties: +Server log connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. @@ -27,7 +27,7 @@ Name:: The name of the connector. The name is used to identify a connector [[server-log-action-configuration]] ==== Action configuration -Server log actions have the following properties: +Server log actions have the following properties. Message:: The message to log. Level:: The log level of the message: `trace`, `debug`, `info`, `warn`, `error` or `fatal`. Defaults to `info`. diff --git a/docs/user/alerting/action-types/servicenow.asciidoc b/docs/user/alerting/action-types/servicenow.asciidoc index d1ee1b9357737..f83090492d9a7 100644 --- a/docs/user/alerting/action-types/servicenow.asciidoc +++ b/docs/user/alerting/action-types/servicenow.asciidoc @@ -8,7 +8,7 @@ The ServiceNow action type uses the https://developer.servicenow.com/app.do#!/re [[servicenow-connector-configuration]] ==== Connector configuration -ServiceNow connectors have the following configuration properties: +ServiceNow connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action. URL:: ServiceNow instance URL. @@ -24,41 +24,28 @@ Password:: Password for HTTP Basic authentication. my-servicenow: name: preconfigured-servicenow-action-type actionTypeId: .servicenow - config: + config: <1> apiUrl: https://dev94428.service-now.com/ - secrets: + secrets: <2> username: testuser password: passwordkeystorevalue -- +<1> Config defines information for the action type and contains the following properties. ++ +`apiUrl`:: An address that corresponds to *URL*. -[[servicenow-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: - -[cols="2*<"] -|=== - -| `apiUrl` -| An address that corresponds to *URL*. - -|=== - -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -| `username` -| A string that corresponds to *Username*. - -| `password` -| A string that corresponds to *Password*. Should be stored in the <>. - -|=== +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`username`:: A string that corresponds to *Username*. ++ +`password`:: A string that corresponds to *Password*. Should be stored in the <>. +''' +[float] [[servicenow-action-configuration]] ==== Action configuration -ServiceNow actions have the following configuration properties: +ServiceNow actions have the following configuration properties. Subaction:: The subaction to perform: `pushToService`, `getFields`, `getIncident`, or `getChoices`. Subaction params:: The parameters of the subaction. diff --git a/docs/user/alerting/action-types/slack.asciidoc b/docs/user/alerting/action-types/slack.asciidoc index 6258969753356..67d5066d3c463 100644 --- a/docs/user/alerting/action-types/slack.asciidoc +++ b/docs/user/alerting/action-types/slack.asciidoc @@ -8,7 +8,7 @@ The Slack action type uses https://api.slack.com/incoming-webhooks[Slack Incomin [[slack-connector-configuration]] ==== Connector configuration -Slack connectors have the following configuration properties: +Slack connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. Webhook URL:: The URL of the incoming webhook. See https://api.slack.com/messaging/webhooks#getting_started[Slack Incoming Webhooks] for instructions on generating this URL. If you are using the <> setting, make sure the hostname is added to the allowed hosts. @@ -22,25 +22,20 @@ Webhook URL:: The URL of the incoming webhook. See https://api.slack.com/messa my-slack: name: preconfigured-slack-action-type actionTypeId: .slack - secrets: + secrets: <1> webhookUrl: 'https://hooks.slack.com/services/abcd/efgh/ijklmnopqrstuvwxyz' -- -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -| `webhookUrl` -| A string that corresponds to *Webhook URL*. - -|=== +<1> Secrets defines sensitive information for the action type and contains the following properties. ++ +`webhookUrl`:: A string that corresponds to *Webhook URL*. +''' [float] [[slack-action-configuration]] ==== Action configuration -Slack actions have the following properties: +Slack actions have the following properties. Message:: The message text, converted to the `text` field in the Webhook JSON payload. Currently only the text field is supported. Markdown, images, and other advanced formatting are not yet supported. diff --git a/docs/user/alerting/action-types/teams.asciidoc b/docs/user/alerting/action-types/teams.asciidoc index 7f4a29dc86fc5..21e6851daae21 100644 --- a/docs/user/alerting/action-types/teams.asciidoc +++ b/docs/user/alerting/action-types/teams.asciidoc @@ -8,7 +8,7 @@ The Microsoft Teams action type uses https://docs.microsoft.com/en-us/microsoftt [[teams-connector-configuration]] ==== Connector configuration -Microsoft Teams connectors have the following configuration properties: +Microsoft Teams connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. Webhook URL:: The URL of the incoming webhook. See https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook#add-an-incoming-webhook-to-a-teams-channel[Add Incoming Webhooks] for instructions on generating this URL. If you are using the <> setting, make sure the hostname is added to the allowed hosts. @@ -22,27 +22,20 @@ Webhook URL:: The URL of the incoming webhook. See https://docs.microsoft.com/ my-teams: name: preconfigured-teams-action-type actionTypeId: .teams - secrets: + secrets: <1> webhookUrl: 'https://outlook.office.com/webhook/abcd@0123456/IncomingWebhook/abcdefgh/ijklmnopqrstuvwxyz' -- -[[teams-connector-config-properties]] -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -| `webhookUrl` -| A string that corresponds to *Webhook URL*. - -|=== - +<1> Secrets defines sensitive information for the action type and contains the following properties. ++ +`webhookUrl`:: A string that corresponds to *Webhook URL*. +''' [float] [[teams-action-configuration]] ==== Action configuration -Microsoft Teams actions have the following properties: +Microsoft Teams actions have the following properties. Message:: The message text, converted to the `text` field in the Webhook JSON payload. Currently only the text field is supported. Markdown, images, and other advanced formatting are not yet supported. diff --git a/docs/user/alerting/action-types/webhook.asciidoc b/docs/user/alerting/action-types/webhook.asciidoc index efe1077707ef0..0744b08e039a6 100644 --- a/docs/user/alerting/action-types/webhook.asciidoc +++ b/docs/user/alerting/action-types/webhook.asciidoc @@ -8,13 +8,14 @@ The Webhook action type uses https://github.com/axios/axios[axios] to send a POS [[webhook-connector-configuration]] ==== Connector configuration -Webhook connectors have the following configuration properties: +Webhook connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. URL:: The request URL. If you are using the <> setting, make sure the hostname is added to the allowed hosts. Method:: HTTP request method, either `POST`(default) or `PUT`. Headers:: A set of key-value pairs sent as headers with the request -User:: Username for HTTP basic authentication. +Require authentication:: If true, a username and password for login type authentication must be provided. +Username:: Username for HTTP basic authentication. Password:: Password for HTTP basic authentication. [float] @@ -26,55 +27,38 @@ Password:: Password for HTTP basic authentication. my-webhook: name: preconfigured-webhook-action-type actionTypeId: .webhook - config: + config: <1> url: https://test.host method: POST headers: testheader: testvalue - secrets: + secrets: <2> user: testuser password: passwordkeystorevalue -- -[[webhook-connector-config-properties]] -**`config`** defines the action type specific to the configuration and contains the following properties: - -[cols="2*<"] -|=== - -|`url` -| A URL string that corresponds to *URL*. - -|`method` -| A string that corresponds to *Method*. - -|`headers` -|A record that corresponds to *Headers*. - -| `hasAuth` -| If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. - -|=== - -**`secrets`** defines sensitive information for the action type and contains the following properties: - -[cols="2*<"] -|=== - -|`user` -|A string that corresponds to *User*. Required if `hasAuth` is set to `true`. - -|`password` -|A string that corresponds to *Password*. Should be stored in the <>. Required if `hasAuth` is set to `true`. - -|=== +<1> Config defines information for the action type and contains the following properties. ++ +`url`:: A URL string that corresponds to *URL*. ++ +`method`:: A string that corresponds to *Method*. ++ +`headers`:: A record that corresponds to *Headers*. ++ +`hasAuth`:: A boolean that corresponds to *Requires authentication*. If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. +<2> Secrets defines sensitive information for the action type and contains the following properties. ++ +`user`:: A string that corresponds to *User*. Required if `hasAuth` is set to `true`. ++ +`password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `hasAuth` is set to `true`. +''' [float] [[webhook-action-configuration]] ==== Action configuration -Webhook actions have the following properties: +Webhook actions have the following properties. Body:: A JSON payload sent to the request URL. For example: + diff --git a/x-pack/plugins/actions/README.md b/x-pack/plugins/actions/README.md index 78094f4c0eb0b..a0337cdca7cd9 100644 --- a/x-pack/plugins/actions/README.md +++ b/x-pack/plugins/actions/README.md @@ -32,58 +32,6 @@ Table of Contents - [Example](#example-1) - [actionsClient.execute(options)](#actionsclientexecuteoptions) - [Example](#example-2) -- [Built-in Action Types](#built-in-action-types) - - [Server log](#server-log) - - [`config`](#config) - - [`secrets`](#secrets) - - [`params`](#params) - - [Email](#email) - - [`config`](#config-1) - - [`secrets`](#secrets-1) - - [`params`](#params-1) - - [Slack](#slack) - - [`config`](#config-2) - - [`secrets`](#secrets-2) - - [`params`](#params-2) - - [Index](#index) - - [`config`](#config-3) - - [`secrets`](#secrets-3) - - [`params`](#params-3) - - [Webhook](#webhook) - - [`config`](#config-4) - - [`secrets`](#secrets-4) - - [`params`](#params-4) - - [PagerDuty](#pagerduty) - - [`config`](#config-5) - - [`secrets`](#secrets-5) - - [`params`](#params-5) - - [ServiceNow](#servicenow) - - [`config`](#config-6) - - [`secrets`](#secrets-6) - - [`params`](#params-6) - - [`subActionParams (pushToService)`](#subactionparams-pushtoservice) - - [`subActionParams (getFields)`](#subactionparams-getfields) - - [`subActionParams (getIncident)`](#subactionparams-getincident) - - [`subActionParams (getChoices)`](#subactionparams-getchoices) - - [Jira](#jira) - - [`config`](#config-7) - - [`secrets`](#secrets-7) - - [`params`](#params-7) - - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-1) - - [`subActionParams (getIncident)`](#subactionparams-getincident-1) - - [`subActionParams (issueTypes)`](#subactionparams-issuetypes) - - [`subActionParams (fieldsByIssueType)`](#subactionparams-fieldsbyissuetype) - - [`subActionParams (issues)`](#subactionparams-issues) - - [`subActionParams (issue)`](#subactionparams-issue) - - [`subActionParams (getFields)`](#subactionparams-getfields-1) - - [IBM Resilient](#ibm-resilient) - - [`config`](#config-8) - - [`secrets`](#secrets-8) - - [`params`](#params-8) - - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-2) - - [`subActionParams (getFields)`](#subactionparams-getfields-2) - - [`subActionParams (incidentTypes)`](#subactionparams-incidenttypes) - - [`subActionParams (severity)`](#subactionparams-severity) - [Command Line Utility](#command-line-utility) - [Developing New Action Types](#developing-new-action-types) - [licensing](#licensing) @@ -310,7 +258,9 @@ Actions that take URLs or hostnames should check that those values are allowed. ## documentation -You should also create some asciidoc for the new action type. An entry should be made in the action type index - [`docs/user/alerting/action-types.asciidoc`](../../../docs/user/alerting/action-types.asciidoc) which points to a new document for the action type that should be in the directory [`docs/user/alerting/action-types`](../../../docs/user/alerting/action-types). +You should create asciidoc for the new action type. Add an entry to the action type index - [`docs/user/alerting/action-types.asciidoc`](../../../docs/user/alerting/action-types.asciidoc) which points to a new document for the action type that should be in the directory [`docs/user/alerting/action-types`](../../../docs/user/alerting/action-types). + +We suggest following the template provided in `docs/action-type-template.asciidoc`. The [Email action type](https://www.elastic.co/guide/en/kibana/master/email-action-type.html) is an example of documentation created following the template. ## tests From 5a332e827425eabc485bcfe2d6e30ccb3f70b187 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Thu, 25 Feb 2021 11:37:47 -0500 Subject: [PATCH 03/12] Cleanup --- x-pack/plugins/actions/README.md | 52 ++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/x-pack/plugins/actions/README.md b/x-pack/plugins/actions/README.md index a0337cdca7cd9..ecdee559da049 100644 --- a/x-pack/plugins/actions/README.md +++ b/x-pack/plugins/actions/README.md @@ -32,6 +32,58 @@ Table of Contents - [Example](#example-1) - [actionsClient.execute(options)](#actionsclientexecuteoptions) - [Example](#example-2) +- [Built-in Action Types](#built-in-action-types) + - [Server log](#server-log) + - [`config`](#config) + - [`secrets`](#secrets) + - [`params`](#params) + - [Email](#email) + - [`config`](#config-1) + - [`secrets`](#secrets-1) + - [`params`](#params-1) + - [Slack](#slack) + - [`config`](#config-2) + - [`secrets`](#secrets-2) + - [`params`](#params-2) + - [Index](#index) + - [`config`](#config-3) + - [`secrets`](#secrets-3) + - [`params`](#params-3) + - [Webhook](#webhook) + - [`config`](#config-4) + - [`secrets`](#secrets-4) + - [`params`](#params-4) + - [PagerDuty](#pagerduty) + - [`config`](#config-5) + - [`secrets`](#secrets-5) + - [`params`](#params-5) + - [ServiceNow](#servicenow) + - [`config`](#config-6) + - [`secrets`](#secrets-6) + - [`params`](#params-6) + - [`subActionParams (pushToService)`](#subactionparams-pushtoservice) + - [`subActionParams (getFields)`](#subactionparams-getfields) + - [`subActionParams (getIncident)`](#subactionparams-getincident) + - [`subActionParams (getChoices)`](#subactionparams-getchoices) + - [Jira](#jira) + - [`config`](#config-7) + - [`secrets`](#secrets-7) + - [`params`](#params-7) + - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-1) + - [`subActionParams (getIncident)`](#subactionparams-getincident-1) + - [`subActionParams (issueTypes)`](#subactionparams-issuetypes) + - [`subActionParams (fieldsByIssueType)`](#subactionparams-fieldsbyissuetype) + - [`subActionParams (issues)`](#subactionparams-issues) + - [`subActionParams (issue)`](#subactionparams-issue) + - [`subActionParams (getFields)`](#subactionparams-getfields-1) + - [IBM Resilient](#ibm-resilient) + - [`config`](#config-8) + - [`secrets`](#secrets-8) + - [`params`](#params-8) + - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-2) + - [`subActionParams (getFields)`](#subactionparams-getfields-2) + - [`subActionParams (incidentTypes)`](#subactionparams-incidenttypes) + - [`subActionParams (severity)`](#subactionparams-severity) - [Command Line Utility](#command-line-utility) - [Developing New Action Types](#developing-new-action-types) - [licensing](#licensing) From 7b9ee250aa326e79ce955a3dad44e2ea92b5cf77 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Thu, 25 Feb 2021 11:40:21 -0500 Subject: [PATCH 04/12] Cleanup --- x-pack/plugins/actions/README.md | 102 +++++++++++++++---------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/x-pack/plugins/actions/README.md b/x-pack/plugins/actions/README.md index ecdee559da049..ec17c1564b76c 100644 --- a/x-pack/plugins/actions/README.md +++ b/x-pack/plugins/actions/README.md @@ -32,57 +32,57 @@ Table of Contents - [Example](#example-1) - [actionsClient.execute(options)](#actionsclientexecuteoptions) - [Example](#example-2) -- [Built-in Action Types](#built-in-action-types) - - [Server log](#server-log) - - [`config`](#config) - - [`secrets`](#secrets) - - [`params`](#params) - - [Email](#email) - - [`config`](#config-1) - - [`secrets`](#secrets-1) - - [`params`](#params-1) - - [Slack](#slack) - - [`config`](#config-2) - - [`secrets`](#secrets-2) - - [`params`](#params-2) - - [Index](#index) - - [`config`](#config-3) - - [`secrets`](#secrets-3) - - [`params`](#params-3) - - [Webhook](#webhook) - - [`config`](#config-4) - - [`secrets`](#secrets-4) - - [`params`](#params-4) - - [PagerDuty](#pagerduty) - - [`config`](#config-5) - - [`secrets`](#secrets-5) - - [`params`](#params-5) - - [ServiceNow](#servicenow) - - [`config`](#config-6) - - [`secrets`](#secrets-6) - - [`params`](#params-6) - - [`subActionParams (pushToService)`](#subactionparams-pushtoservice) - - [`subActionParams (getFields)`](#subactionparams-getfields) - - [`subActionParams (getIncident)`](#subactionparams-getincident) - - [`subActionParams (getChoices)`](#subactionparams-getchoices) - - [Jira](#jira) - - [`config`](#config-7) - - [`secrets`](#secrets-7) - - [`params`](#params-7) - - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-1) - - [`subActionParams (getIncident)`](#subactionparams-getincident-1) - - [`subActionParams (issueTypes)`](#subactionparams-issuetypes) - - [`subActionParams (fieldsByIssueType)`](#subactionparams-fieldsbyissuetype) - - [`subActionParams (issues)`](#subactionparams-issues) - - [`subActionParams (issue)`](#subactionparams-issue) - - [`subActionParams (getFields)`](#subactionparams-getfields-1) - - [IBM Resilient](#ibm-resilient) - - [`config`](#config-8) - - [`secrets`](#secrets-8) - - [`params`](#params-8) - - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-2) - - [`subActionParams (getFields)`](#subactionparams-getfields-2) - - [`subActionParams (incidentTypes)`](#subactionparams-incidenttypes) +- [Built-in Action Types](#built-in-action-types) + - [Server log](#server-log) + - [`config`](#config) + - [`secrets`](#secrets) + - [`params`](#params) + - [Email](#email) + - [`config`](#config-1) + - [`secrets`](#secrets-1) + - [`params`](#params-1) + - [Slack](#slack) + - [`config`](#config-2) + - [`secrets`](#secrets-2) + - [`params`](#params-2) + - [Index](#index) + - [`config`](#config-3) + - [`secrets`](#secrets-3) + - [`params`](#params-3) + - [Webhook](#webhook) + - [`config`](#config-4) + - [`secrets`](#secrets-4) + - [`params`](#params-4) + - [PagerDuty](#pagerduty) + - [`config`](#config-5) + - [`secrets`](#secrets-5) + - [`params`](#params-5) + - [ServiceNow](#servicenow) + - [`config`](#config-6) + - [`secrets`](#secrets-6) + - [`params`](#params-6) + - [`subActionParams (pushToService)`](#subactionparams-pushtoservice) + - [`subActionParams (getFields)`](#subactionparams-getfields) + - [`subActionParams (getIncident)`](#subactionparams-getincident) + - [`subActionParams (getChoices)`](#subactionparams-getchoices) + - [Jira](#jira) + - [`config`](#config-7) + - [`secrets`](#secrets-7) + - [`params`](#params-7) + - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-1) + - [`subActionParams (getIncident)`](#subactionparams-getincident-1) + - [`subActionParams (issueTypes)`](#subactionparams-issuetypes) + - [`subActionParams (fieldsByIssueType)`](#subactionparams-fieldsbyissuetype) + - [`subActionParams (issues)`](#subactionparams-issues) + - [`subActionParams (issue)`](#subactionparams-issue) + - [`subActionParams (getFields)`](#subactionparams-getfields-1) + - [IBM Resilient](#ibm-resilient) + - [`config`](#config-8) + - [`secrets`](#secrets-8) + - [`params`](#params-8) + - [`subActionParams (pushToService)`](#subactionparams-pushtoservice-2) + - [`subActionParams (getFields)`](#subactionparams-getfields-2) + - [`subActionParams (incidentTypes)`](#subactionparams-incidenttypes) - [`subActionParams (severity)`](#subactionparams-severity) - [Command Line Utility](#command-line-utility) - [Developing New Action Types](#developing-new-action-types) From cd216e3dbfadc8d3861a95fd583bd7a041d55637 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Thu, 25 Feb 2021 13:01:00 -0500 Subject: [PATCH 05/12] Removing callout list --- docs/action-type-template.asciidoc | 13 ++++++------ .../user/alerting/action-types/email.asciidoc | 20 +++++++------------ .../user/alerting/action-types/index.asciidoc | 9 +++------ docs/user/alerting/action-types/jira.asciidoc | 15 ++++++-------- .../alerting/action-types/pagerduty.asciidoc | 13 ++++++------ .../alerting/action-types/resilient.asciidoc | 15 ++++++-------- .../alerting/action-types/servicenow.asciidoc | 15 +++++++------- .../user/alerting/action-types/slack.asciidoc | 7 +++---- .../user/alerting/action-types/teams.asciidoc | 7 +++---- .../alerting/action-types/webhook.asciidoc | 17 ++++++---------- x-pack/plugins/alerts/README.md | 10 +++++++++- 11 files changed, 62 insertions(+), 79 deletions(-) diff --git a/docs/action-type-template.asciidoc b/docs/action-type-template.asciidoc index c6c459c352fc3..4121389085c36 100644 --- a/docs/action-type-template.asciidoc +++ b/docs/action-type-template.asciidoc @@ -29,10 +29,10 @@ Example preconfigured format for this action type my-: name: preconfigured--action-type actionTypeId: . - config: <1> + config: property1: value1 property2: value2 - secrets: <2> + secrets: property3: value3 -- @@ -41,14 +41,13 @@ Example preconfigured format for this action type //// List of properties from the ConfigSchema and SecretsSchema for this action type. //// -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type. + `property1`:: A short description of this property. -+ `property2`:: A short descriptionn of this property. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `property3`:: A short descriptionn of this property. [float] diff --git a/docs/user/alerting/action-types/email.asciidoc b/docs/user/alerting/action-types/email.asciidoc index d0a566b69c577..2032984f47543 100644 --- a/docs/user/alerting/action-types/email.asciidoc +++ b/docs/user/alerting/action-types/email.asciidoc @@ -30,36 +30,30 @@ Password:: Password for login type authentication. my-email: name: preconfigured-email-action-type actionTypeId: .email - config: <1> + config: from: testsender@test.com host: validhostname port: 8080 secure: false - secrets: <2> + secrets: user: testuser password: passwordkeystorevalue -- -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type + `service`:: The name of a https://nodemailer.com/smtp/well-known/[well-known email service provider]. If `service` is provided, `host`, `port`, and `secure` properties are ignored. For more information on the `gmail` service value, see the (https://nodemailer.com/usage/using-gmail/)[Nodemailer Gmail documentation]. -+ `from`:: An email address that corresponds to *Sender*. -+ `host`:: A string that corresponds to *Host*. -+ `port`:: A number that corresponds to *Port*. -+ `secure`:: A boolean that corresponds to *Secure*. -+ `hasAuth`:: A boolean that corresponds to *Requires authentication*. If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `user`:: A string that corresponds to *Username*. Required if `hasAuth` is set to `true`. -+ `password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `hasAuth` is set to `true`. -''' + [float] [[email-action-configuration]] diff --git a/docs/user/alerting/action-types/index.asciidoc b/docs/user/alerting/action-types/index.asciidoc index 73b489de3fb22..b963b410d1f53 100644 --- a/docs/user/alerting/action-types/index.asciidoc +++ b/docs/user/alerting/action-types/index.asciidoc @@ -24,20 +24,17 @@ Execution time field:: This field will be automatically set to the time the ale my-index: name: action-type-index actionTypeId: .index - config: <1> + config: index: .kibana refresh: true executionTimeField: somedate -- -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type. + `index`:: A string that corresponds to *Index*. -+ `refresh`:: A boolean that corresponds to *Refresh*. Defaults to `false`. -+ `executionTimeField`:: A string that corresponds to *Execution time field*. -''' [float] [[index-action-configuration]] diff --git a/docs/user/alerting/action-types/jira.asciidoc b/docs/user/alerting/action-types/jira.asciidoc index e4cf5b3afa500..88826e541f755 100644 --- a/docs/user/alerting/action-types/jira.asciidoc +++ b/docs/user/alerting/action-types/jira.asciidoc @@ -25,26 +25,23 @@ API token (or password):: Jira API authentication token (or password) for HTTP my-jira: name: preconfigured-jira-action-type actionTypeId: .jira - config: <1> + config: apiUrl: https://elastic.atlassian.net projectKey: ES - secrets: <2> + secrets: email: testuser apiToken: tokenkeystorevalue -- -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type. + `apiUrl`:: An address that corresponds to *URL*. -+ `projectKey`:: A key that corresponds to *Project Key*. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `email`:: A string that corresponds to *Email*. -+ `apiToken`:: A string that corresponds to *API Token*. Should be stored in the <>. -''' [float] [[jira-action-configuration]] diff --git a/docs/user/alerting/action-types/pagerduty.asciidoc b/docs/user/alerting/action-types/pagerduty.asciidoc index 6c8885d5ae876..581f2759973f0 100644 --- a/docs/user/alerting/action-types/pagerduty.asciidoc +++ b/docs/user/alerting/action-types/pagerduty.asciidoc @@ -144,20 +144,19 @@ Integration Key:: A 32 character PagerDuty Integration Key for an integration my-pagerduty: name: preconfigured-pagerduty-action-type actionTypeId: .pagerduty - config: <1> + config: apiUrl: https://test.host - secrets: <2> + secrets: routingKey: testroutingkey -- -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type. + `apiURL`:: A URL string that corresponds to *API URL*. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `routingKey`:: A string that corresponds to *Integration Key*. -''' [float] [[pagerduty-action-configuration]] diff --git a/docs/user/alerting/action-types/resilient.asciidoc b/docs/user/alerting/action-types/resilient.asciidoc index e1d8755e245fa..d34143ba8eccb 100644 --- a/docs/user/alerting/action-types/resilient.asciidoc +++ b/docs/user/alerting/action-types/resilient.asciidoc @@ -25,26 +25,23 @@ API key secret:: The authentication key secret for HTTP Basic authentication. my-resilient: name: preconfigured-resilient-action-type actionTypeId: .resilient - config: <1> + config: apiUrl: https://elastic.resilient.net orgId: ES - secrets: <2> + secrets: apiKeyId: testuser apiKeySecret: tokenkeystorevalue -- -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type. + `apiUrl`:: An address that corresponds to *URL*. -+ `orgId`:: An ID that corresponds to *Organization ID*. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `apiKeyId`:: A string that corresponds to *API key ID*. -+ `apiKeySecret`:: A string that corresponds to *API Key secret*. Should be stored in the <>. -''' [float] [[resilient-action-configuration]] diff --git a/docs/user/alerting/action-types/servicenow.asciidoc b/docs/user/alerting/action-types/servicenow.asciidoc index f83090492d9a7..9fc083eaf733e 100644 --- a/docs/user/alerting/action-types/servicenow.asciidoc +++ b/docs/user/alerting/action-types/servicenow.asciidoc @@ -24,22 +24,21 @@ Password:: Password for HTTP Basic authentication. my-servicenow: name: preconfigured-servicenow-action-type actionTypeId: .servicenow - config: <1> + config: apiUrl: https://dev94428.service-now.com/ - secrets: <2> + secrets: username: testuser password: passwordkeystorevalue -- -<1> Config defines information for the action type and contains the following properties. -+ + +Config defines information for the action type. + `apiUrl`:: An address that corresponds to *URL*. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `username`:: A string that corresponds to *Username*. -+ `password`:: A string that corresponds to *Password*. Should be stored in the <>. -''' [float] [[servicenow-action-configuration]] diff --git a/docs/user/alerting/action-types/slack.asciidoc b/docs/user/alerting/action-types/slack.asciidoc index 67d5066d3c463..5188d3c74ed3b 100644 --- a/docs/user/alerting/action-types/slack.asciidoc +++ b/docs/user/alerting/action-types/slack.asciidoc @@ -22,14 +22,13 @@ Webhook URL:: The URL of the incoming webhook. See https://api.slack.com/messa my-slack: name: preconfigured-slack-action-type actionTypeId: .slack - secrets: <1> + secrets: webhookUrl: 'https://hooks.slack.com/services/abcd/efgh/ijklmnopqrstuvwxyz' -- -<1> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `webhookUrl`:: A string that corresponds to *Webhook URL*. -''' [float] [[slack-action-configuration]] diff --git a/docs/user/alerting/action-types/teams.asciidoc b/docs/user/alerting/action-types/teams.asciidoc index 21e6851daae21..b81842e10f849 100644 --- a/docs/user/alerting/action-types/teams.asciidoc +++ b/docs/user/alerting/action-types/teams.asciidoc @@ -22,14 +22,13 @@ Webhook URL:: The URL of the incoming webhook. See https://docs.microsoft.com/ my-teams: name: preconfigured-teams-action-type actionTypeId: .teams - secrets: <1> + secrets: webhookUrl: 'https://outlook.office.com/webhook/abcd@0123456/IncomingWebhook/abcdefgh/ijklmnopqrstuvwxyz' -- -<1> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `webhookUrl`:: A string that corresponds to *Webhook URL*. -''' [float] [[teams-action-configuration]] diff --git a/docs/user/alerting/action-types/webhook.asciidoc b/docs/user/alerting/action-types/webhook.asciidoc index 0744b08e039a6..18c22ab3c8199 100644 --- a/docs/user/alerting/action-types/webhook.asciidoc +++ b/docs/user/alerting/action-types/webhook.asciidoc @@ -27,32 +27,27 @@ Password:: Password for HTTP basic authentication. my-webhook: name: preconfigured-webhook-action-type actionTypeId: .webhook - config: <1> + config: url: https://test.host method: POST headers: testheader: testvalue - secrets: <2> + secrets: user: testuser password: passwordkeystorevalue -- -<1> Config defines information for the action type and contains the following properties. -+ +Config defines information for the action type. + `url`:: A URL string that corresponds to *URL*. -+ `method`:: A string that corresponds to *Method*. -+ `headers`:: A record that corresponds to *Headers*. -+ `hasAuth`:: A boolean that corresponds to *Requires authentication*. If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. -<2> Secrets defines sensitive information for the action type and contains the following properties. -+ +Secrets defines sensitive information for the action type. + `user`:: A string that corresponds to *User*. Required if `hasAuth` is set to `true`. -+ `password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `hasAuth` is set to `true`. -''' [float] [[webhook-action-configuration]] diff --git a/x-pack/plugins/alerts/README.md b/x-pack/plugins/alerts/README.md index 0e922e0a475ba..a4a13bb110321 100644 --- a/x-pack/plugins/alerts/README.md +++ b/x-pack/plugins/alerts/README.md @@ -17,6 +17,8 @@ Table of Contents - [Alert types](#alert-types) - [Methods](#methods) - [Executor](#executor) + - [Action variables](#action-variables) + - [Documentation](#documentation) - [Example](#example) - [Role Based Access-Control](#role-based-access-control) - [Alert Navigation](#alert-navigation) @@ -125,7 +127,13 @@ For example, if the `context` has one variable `foo` which is an object that has ``` ### Documentation -We suggest you add user documentation for your alert type following the template provided in `docs/alert-type-template.asciidoc`. The [Index Threshold alert type](https://www.elastic.co/guide/en/kibana/master/alert-type-index-threshold.html) is an example of documentation created following the template. +You should create asciidoc for the new alert type. +* For stack alerts, add an entry to the alert type index - [`docs/user/alerting/alert-types.asciidoc`](../../../docs/user/alerting/alert-types.asciidoc) which points to a new document for the alert type that should be in the directory [`docs/user/alerting/stack-alerts`](../../../docs/user/alerting/stack-alerts). + +* Solution specific alert documentation should live within the docs for the solution. + +We suggest following the template provided in `docs/alert-type-template.asciidoc`. The [Index Threshold alert type](https://www.elastic.co/guide/en/kibana/master/alert-type-index-threshold.html) is an example of documentation created following the template. + ### Example This example receives server and threshold as parameters. It will read the CPU usage of the server and schedule actions to be executed (asynchronously by the task manager) if the reading is greater than the threshold. From bd3db14b8e1353e9879136281f5cfc709075db33 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Fri, 26 Feb 2021 09:19:15 -0500 Subject: [PATCH 06/12] Cleanup --- x-pack/plugins/alerts/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/alerts/README.md b/x-pack/plugins/alerts/README.md index 4395100046b91..3d6cd5f45fa40 100644 --- a/x-pack/plugins/alerts/README.md +++ b/x-pack/plugins/alerts/README.md @@ -139,6 +139,7 @@ For example, if the `context` has one variable `foo` which is an object that has ] } ``` + ## Licensing Currently most of the alerts are free features. But some alert types are subscription features, such as the tracking containment alert. @@ -151,11 +152,11 @@ You should create asciidoc for the new alert type. * Solution specific alert documentation should live within the docs for the solution. We suggest following the template provided in `docs/alert-type-template.asciidoc`. The [Index Threshold alert type](https://www.elastic.co/guide/en/kibana/master/alert-type-index-threshold.html) is an example of documentation created following the template. + ## Tests The alert type should have jest tests and optionaly functional tests. In the the tests we recomend to test the expected alert execution result with a different input params, the structure of the created alert and the params validation. The rest will be guaranteed as a framework functionality. ->>>>>>> c2877a6d96791a9dd5498de80a75945b9e1c70fc ### Example From 4988d0695c4c6d7273390c8dfbbb7b72165564db Mon Sep 17 00:00:00 2001 From: ymao1 Date: Sun, 28 Feb 2021 09:19:54 -0500 Subject: [PATCH 07/12] Apply suggestions from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> --- docs/action-type-template.asciidoc | 4 ++-- docs/user/alerting/action-types/email.asciidoc | 6 +++--- docs/user/alerting/defining-alerts.asciidoc | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/action-type-template.asciidoc b/docs/action-type-template.asciidoc index 4121389085c36..191cbc0409473 100644 --- a/docs/action-type-template.asciidoc +++ b/docs/action-type-template.asciidoc @@ -66,5 +66,5 @@ Property2:: A short description of this property with format hints. This can be //// Optional - additional configuration details here [[configuring-]] -==== Configuring -//// \ No newline at end of file +==== Configure +//// diff --git a/docs/user/alerting/action-types/email.asciidoc b/docs/user/alerting/action-types/email.asciidoc index 2032984f47543..c87015d31853a 100644 --- a/docs/user/alerting/action-types/email.asciidoc +++ b/docs/user/alerting/action-types/email.asciidoc @@ -40,9 +40,9 @@ Password:: Password for login type authentication. password: passwordkeystorevalue -- -Config defines information for the action type +Config defines information for the action type. -`service`:: The name of a https://nodemailer.com/smtp/well-known/[well-known email service provider]. If `service` is provided, `host`, `port`, and `secure` properties are ignored. For more information on the `gmail` service value, see the (https://nodemailer.com/usage/using-gmail/)[Nodemailer Gmail documentation]. +`service`:: The name of a https://nodemailer.com/smtp/well-known/[well-known email service provider]. If `service` is provided, `host`, `port`, and `secure` properties are ignored. For more information on the `gmail` service value, see the https://nodemailer.com/usage/using-gmail/[Nodemailer Gmail documentation]. `from`:: An email address that corresponds to *Sender*. `host`:: A string that corresponds to *Host*. `port`:: A number that corresponds to *Port*. @@ -61,7 +61,7 @@ Secrets defines sensitive information for the action type. Email actions have the following configuration properties. -To, CC, BCC:: Each is a list of addresses. Addresses can be specified in `user@host-name` format, or in `name ` format. One of To, CC, or BCC must contain an entry. +To, CC, BCC:: Each item is a list of addresses. Addresses can be specified in `user@host-name` format, or in `name ` format. One of To, CC, or BCC must contain an entry. Subject:: The subject line of the email. Message:: The message text of the email. Markdown format is supported. diff --git a/docs/user/alerting/defining-alerts.asciidoc b/docs/user/alerting/defining-alerts.asciidoc index bd2ed687171e6..7903052b9a6dc 100644 --- a/docs/user/alerting/defining-alerts.asciidoc +++ b/docs/user/alerting/defining-alerts.asciidoc @@ -5,9 +5,9 @@ {kib} alerts can be created in a variety of apps including <>, <>, <>, <> and from <> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail. [float] -=== Creating an alert +=== Create an alert -When you create an alert, you need to define the alert details, the conditions and the actions. +When you create an alert, you must define the alert details, conditions, and actions. . <> . <> From 99ecd2bc97a80c6cba21b2f8c7119396c2d3d2a8 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Sun, 28 Feb 2021 09:31:43 -0500 Subject: [PATCH 08/12] Adding title to actions page --- docs/action-type-template.asciidoc | 3 +++ docs/user/alerting/action-types/email.asciidoc | 3 +++ docs/user/alerting/action-types/index.asciidoc | 3 +++ docs/user/alerting/action-types/jira.asciidoc | 3 +++ docs/user/alerting/action-types/pagerduty.asciidoc | 3 +++ docs/user/alerting/action-types/resilient.asciidoc | 3 +++ docs/user/alerting/action-types/server-log.asciidoc | 3 +++ docs/user/alerting/action-types/servicenow.asciidoc | 3 +++ docs/user/alerting/action-types/slack.asciidoc | 3 +++ docs/user/alerting/action-types/teams.asciidoc | 3 +++ docs/user/alerting/action-types/webhook.asciidoc | 3 +++ 11 files changed, 33 insertions(+) diff --git a/docs/action-type-template.asciidoc b/docs/action-type-template.asciidoc index 191cbc0409473..5b61c259563ad 100644 --- a/docs/action-type-template.asciidoc +++ b/docs/action-type-template.asciidoc @@ -1,5 +1,8 @@ [[-action-type]] === action +++++ + +++++ Include a short description of the action type. diff --git a/docs/user/alerting/action-types/email.asciidoc b/docs/user/alerting/action-types/email.asciidoc index c87015d31853a..3813eccd048d9 100644 --- a/docs/user/alerting/action-types/email.asciidoc +++ b/docs/user/alerting/action-types/email.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[email-action-type]] === Email action +++++ +Email +++++ The email action type uses the SMTP protocol to send mail message, using an integration of https://nodemailer.com/[Nodemailer]. Email message text is sent as both plain text and html text. diff --git a/docs/user/alerting/action-types/index.asciidoc b/docs/user/alerting/action-types/index.asciidoc index b963b410d1f53..f14d8ea4633e9 100644 --- a/docs/user/alerting/action-types/index.asciidoc +++ b/docs/user/alerting/action-types/index.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[index-action-type]] === Index action +++++ +Index +++++ The index action type will index a document into {es}. See also the {ref}/indices-create-index.html[create index API]. diff --git a/docs/user/alerting/action-types/jira.asciidoc b/docs/user/alerting/action-types/jira.asciidoc index 88826e541f755..f4fa2ebca26a5 100644 --- a/docs/user/alerting/action-types/jira.asciidoc +++ b/docs/user/alerting/action-types/jira.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[jira-action-type]] === Jira action +++++ +Jira +++++ The Jira action type uses the https://developer.atlassian.com/cloud/jira/platform/rest/v2/[REST API v2] to create Jira issues. diff --git a/docs/user/alerting/action-types/pagerduty.asciidoc b/docs/user/alerting/action-types/pagerduty.asciidoc index 8cc56ab697709..7df86f6902b82 100644 --- a/docs/user/alerting/action-types/pagerduty.asciidoc +++ b/docs/user/alerting/action-types/pagerduty.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[pagerduty-action-type]] === PagerDuty action +++++ +PagerDuty +++++ The PagerDuty action type uses the https://v2.developer.pagerduty.com/docs/events-api-v2[v2 Events API] to trigger, acknowledge, and resolve PagerDuty alerts. diff --git a/docs/user/alerting/action-types/resilient.asciidoc b/docs/user/alerting/action-types/resilient.asciidoc index d34143ba8eccb..8ef6449434f00 100644 --- a/docs/user/alerting/action-types/resilient.asciidoc +++ b/docs/user/alerting/action-types/resilient.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[resilient-action-type]] === IBM Resilient action +++++ +IBM Resilient +++++ The IBM Resilient action type uses the https://developer.ibm.com/security/resilient/rest/[RESILIENT REST v2] to create IBM Resilient incidents. diff --git a/docs/user/alerting/action-types/server-log.asciidoc b/docs/user/alerting/action-types/server-log.asciidoc index b300030c21433..7849a70a239c3 100644 --- a/docs/user/alerting/action-types/server-log.asciidoc +++ b/docs/user/alerting/action-types/server-log.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[server-log-action-type]] === Server log action +++++ +Server log +++++ This action type writes an entry to the {kib} server log. diff --git a/docs/user/alerting/action-types/servicenow.asciidoc b/docs/user/alerting/action-types/servicenow.asciidoc index 9fc083eaf733e..fe772989f2797 100644 --- a/docs/user/alerting/action-types/servicenow.asciidoc +++ b/docs/user/alerting/action-types/servicenow.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[servicenow-action-type]] === ServiceNow action +++++ +ServiceNow +++++ The ServiceNow action type uses the https://developer.servicenow.com/app.do#!/rest_api_doc?v=orlando&id=c_TableAPI[V2 Table API] to create ServiceNow incidents. diff --git a/docs/user/alerting/action-types/slack.asciidoc b/docs/user/alerting/action-types/slack.asciidoc index 5188d3c74ed3b..e9d28c711bef4 100644 --- a/docs/user/alerting/action-types/slack.asciidoc +++ b/docs/user/alerting/action-types/slack.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[slack-action-type]] === Slack action +++++ +Slack +++++ The Slack action type uses https://api.slack.com/incoming-webhooks[Slack Incoming Webhooks]. diff --git a/docs/user/alerting/action-types/teams.asciidoc b/docs/user/alerting/action-types/teams.asciidoc index b81842e10f849..503c86c55e479 100644 --- a/docs/user/alerting/action-types/teams.asciidoc +++ b/docs/user/alerting/action-types/teams.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[teams-action-type]] === Microsoft Teams action +++++ +Microsoft Teams +++++ The Microsoft Teams action type uses https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook[Incoming Webhooks]. diff --git a/docs/user/alerting/action-types/webhook.asciidoc b/docs/user/alerting/action-types/webhook.asciidoc index 18c22ab3c8199..381d6e72bf9c0 100644 --- a/docs/user/alerting/action-types/webhook.asciidoc +++ b/docs/user/alerting/action-types/webhook.asciidoc @@ -1,6 +1,9 @@ [role="xpack"] [[webhook-action-type]] === Webhook action +++++ +Webhook +++++ The Webhook action type uses https://github.com/axios/axios[axios] to send a POST or PUT request to a web service. From 2fa86f787dc8a684c820026ab786b2b4b752b992 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Sun, 28 Feb 2021 09:48:29 -0500 Subject: [PATCH 09/12] PR fixes --- .../user/alerting/action-types/index.asciidoc | 4 ++++ docs/user/alerting/action-types/jira.asciidoc | 2 +- .../alerting/action-types/resilient.asciidoc | 2 +- .../alerting/action-types/servicenow.asciidoc | 2 +- .../user/alerting/action-types/slack.asciidoc | 5 +---- .../user/alerting/action-types/teams.asciidoc | 2 +- docs/user/alerting/alert-types.asciidoc | 5 ++--- docs/user/alerting/defining-alerts.asciidoc | 2 +- .../images/slack-copy-webhook-url.png | Bin 42332 -> 21738 bytes 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/user/alerting/action-types/index.asciidoc b/docs/user/alerting/action-types/index.asciidoc index f14d8ea4633e9..a57048243d757 100644 --- a/docs/user/alerting/action-types/index.asciidoc +++ b/docs/user/alerting/action-types/index.asciidoc @@ -47,6 +47,10 @@ Index actions have the following properties. Document:: The document to index in JSON format. +[float] +[[index-action-example]] +==== Example + Example of the index document for Index Threshold alert: [source,text] diff --git a/docs/user/alerting/action-types/jira.asciidoc b/docs/user/alerting/action-types/jira.asciidoc index f4fa2ebca26a5..ed6098a87f586 100644 --- a/docs/user/alerting/action-types/jira.asciidoc +++ b/docs/user/alerting/action-types/jira.asciidoc @@ -92,6 +92,6 @@ ID:: The ID of the issue in Jira. The `getFields` subaction has no parameters. Provide an empty object `{}`. [[configuring-jira]] -==== Configuring and testing Jira +==== Configure Jira Jira offers free https://www.atlassian.com/software/jira/free[Instances], which you can use to test incidents. diff --git a/docs/user/alerting/action-types/resilient.asciidoc b/docs/user/alerting/action-types/resilient.asciidoc index 8ef6449434f00..067434fa0e92e 100644 --- a/docs/user/alerting/action-types/resilient.asciidoc +++ b/docs/user/alerting/action-types/resilient.asciidoc @@ -78,6 +78,6 @@ The `incidentTypes` subaction has no parameters. Provide an empty object `{}`. The `severity` subaction has no parameters. Provide an empty object `{}`. [[configuring-resilient]] -==== Configuring and testing IBM Resilient +==== Configure IBM Resilient IBM Resilient offers https://www.ibm.com/security/intelligent-orchestration/resilient[Instances], which you can use to test incidents. diff --git a/docs/user/alerting/action-types/servicenow.asciidoc b/docs/user/alerting/action-types/servicenow.asciidoc index fe772989f2797..c3b2e44cd6730 100644 --- a/docs/user/alerting/action-types/servicenow.asciidoc +++ b/docs/user/alerting/action-types/servicenow.asciidoc @@ -78,6 +78,6 @@ External ID:: The ID of the incident in ServiceNow. Fields:: An array of fields. Example: `[priority, category, impact]`. [[configuring-servicenow]] -==== Configuring and testing ServiceNow +==== Configure ServiceNow ServiceNow offers free https://developer.servicenow.com/dev.do#!/guides/madrid/now-platform/pdi-guide/obtaining-a-pdi[Personal Developer Instances], which you can use to test incidents. diff --git a/docs/user/alerting/action-types/slack.asciidoc b/docs/user/alerting/action-types/slack.asciidoc index e9d28c711bef4..6f7d1b3e11d31 100644 --- a/docs/user/alerting/action-types/slack.asciidoc +++ b/docs/user/alerting/action-types/slack.asciidoc @@ -42,10 +42,7 @@ Slack actions have the following properties. Message:: The message text, converted to the `text` field in the Webhook JSON payload. Currently only the text field is supported. Markdown, images, and other advanced formatting are not yet supported. [[configuring-slack]] -==== Configuring Slack Accounts - -You configure the accounts Slack action type can use to communicate with Slack in the -connector form. +==== Configure a Slack account You need a https://api.slack.com/incoming-webhooks[Slack webhook URL] to configure a Slack account. To create a webhook diff --git a/docs/user/alerting/action-types/teams.asciidoc b/docs/user/alerting/action-types/teams.asciidoc index 503c86c55e479..294b5474e390a 100644 --- a/docs/user/alerting/action-types/teams.asciidoc +++ b/docs/user/alerting/action-types/teams.asciidoc @@ -42,7 +42,7 @@ Microsoft Teams actions have the following properties. Message:: The message text, converted to the `text` field in the Webhook JSON payload. Currently only the text field is supported. Markdown, images, and other advanced formatting are not yet supported. [[configuring-teams]] -==== Configuring Microsoft Teams Accounts +==== Configure a Microsoft Teams account You need a https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook[Microsoft Teams webhook URL] to configure a Microsoft Teams action. To create a webhook diff --git a/docs/user/alerting/alert-types.asciidoc b/docs/user/alerting/alert-types.asciidoc index 0ffebad1634ad..66243cb99c804 100644 --- a/docs/user/alerting/alert-types.asciidoc +++ b/docs/user/alerting/alert-types.asciidoc @@ -10,14 +10,13 @@ Kibana provides two types of alerts: [float] ==== Standard stack alerts -Users require the `all` privilege to access to the *Stack Alerts* feature and create and edit alerts. -See <> for more information. - {kib} provides two stack alerts: * <> * <> +Users require the `all` privilege to access the *Stack Alerts* feature and create and edit alerts. +See <> for more information. [float] ==== Domain-specific alerts diff --git a/docs/user/alerting/defining-alerts.asciidoc b/docs/user/alerting/defining-alerts.asciidoc index 7903052b9a6dc..ba5b99cdc429e 100644 --- a/docs/user/alerting/defining-alerts.asciidoc +++ b/docs/user/alerting/defining-alerts.asciidoc @@ -126,6 +126,6 @@ Here's a list of the available global configuration options and an explanation o *NOTE:* As an alternative to both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, the OS level environment variable `NODE_EXTRA_CA_CERTS` can be set to point to a file that contains the root CA(s) needed for certificates to be trusted. [float] -=== Managing alerts +=== Manage alerts To modify an alert after it was created, including muting or disabling it, use the <>. diff --git a/docs/user/alerting/images/slack-copy-webhook-url.png b/docs/user/alerting/images/slack-copy-webhook-url.png index 0acc9488e22a335e31a9e429bcc033425f11baac..805f5719980dabed80af6a8fbaebf194b52305c7 100644 GIT binary patch literal 21738 zcmeFYWmj9_7A;((MuAeSc!A=@Avh^*aRM#w?gWCn6k6O`9D=mCLvV-U?h*)AT!KSz zxVz_^JI4D9-cL7UK(dpJ&E5}d&9&xS^9lK^Acgas?D@TW_i$vSKPlb2_xLUFI^*dB z;J1Ppw+!%f-%&~G!~L1wcfP>EGdpQb$9wmP>Hq!Qmr;6qaPOWSbZ<=A)CRfm+=34@P_OEz5cfr|8E`s8xjA%ufru@adGkFlEePxQ+HqLlqc?l~ z{Gc7L!TzTZ*Y+&&JVB9!I9}bv17GZJPCyuUGkD(c zD1h5V#0054(Fg%^HvQ^3F}cXgOAkg!Z#KOGnWHqH@WpD(u;|7dc}a^Q20arO7dHw% zTT9RvQg=HZe=)YIOsU9sbUSkN?#OPt5jBGb?e&+ z({uH)=nN$i9S|{!`3MVxwA{__@9uz4Mn2jPX_cFV9Bh>9d2%)crJxSye}f_TiWG=v|2;u# z4qgXC3$fjFM+5EHu#Z*s;%=0lOoD87%1Iar$DaETKAZygHNp~EW|+SAb3EO5@4|Dh zd1Es((xt?4QxR{z(lW*||CScyoCW8%NyyC1cfZ5XfK@J){c84$6H+Rn^E1<=%(!gt zuPji?)8nJPW`#h<+*rXw!U^YW`n2}gIzaPdJJV?l9_gzfa|v(!ULo2P=esKRb|>S zeYZaWe&h0eeSK{T7t<}brn%Q!iaxVbQ&Yz&z&cWJ8jYVHuG~z^7^I#rsV9kH1l&>oc7wzyY=HzC4z=-$6e*}VAg}} zjl~}+v9}lX%|p`mS&wl>xp}45?wUr_lQdnoRipiq1NKiv`}GeW_U;XP>sPEq1?{KSJG=p3EW0?=GV# z&qUZkra5$!H~o-o)QOd$67)Ep(r6CWbh&`Dq2Gd8WtAOn@#zn4a8>Xra5h)%Fzw7f zG_Q64n3QU^D5c*Mh_V< z1u{+eqL4rF(P&ij zUX$VjYVTj|<7=a?P8JO0VwwcWbzaG>XZ*=rGB2m>o`V!EKMyhQp5nyu==~Ve@SWmQ z!eh-5W8;6FELxWtI=?(0H-FH2`9~c_<o40u*}!@LnK(T7x1-Fo^bd)OVR4(=s z{vDrAQsCBIRaMoXZ+3R}8=jEBXQ;>OPpP(&ed%W(gK!~lQNa-0C)LOkT~G(|M>LH~ z-#=`XIrb)jXJsao@T|Krn-#u|e-|>i;qn_e_=ls7PRhOteiFm#)o@EzUDO| z-b7$J0BrG=MhyP-^mA)@5{^_k-oNXK2u5tWw{bM>oIf@U+U0TLt%6cIEAAEg(KA3U zD0$lC%>_-TThe$k?2dDmM$N~6Xbbx~ecp%@wL}NhwCzcIvTeLn?@&<24Ewsn59|50uK2E`%4er`s(~sEmE`AzkQS_&uJ@@jp)32rA2&CvM#>_{ z=cC6G8JZJ|I%L$i>$Wx$8x$~(aFeo*Bxjk=uO+?gjr63#Yn%mwv#l|*o<7}bX4bTP zudHJf^6SOtSn!R#T>YwX{v1$Tn()*j=it0xCA4s}h=<{(H99#V z>~$lpkXQZ(-Gchlub5_{q8o|Kn{O)poW%v#L!@<7X8n=2IxS}-vP|Ek4Ia7zG50(3 zwN|s0Is$EDPktt(9(@$$HNFis5V(m6W6$ei$%)1m{qc zgwDDhp0m%Cg?gY)&%&@rV#3aZww%^ZF03Odmxmj}rABl2t~SFa{AfUII<+H*!~f8} zHP&%`fXfnBY;%b&N?`0-(CuKURhf*8jKbS$q0v3WgdEZP_bUnfJO85BxPl;1{uD&6 z_8X9I)tp(XWAqPOQ}oD!FkscFmUn06r`t02ulS2}_BB!Fk=(FGe0X$ro(Gcry0tUs zA4~=Z4o}PNoHv(7#$J~S8)u2U*$Q4AzC2U6ZMxLE(zs(BzE9jgcA?_|ZSt?3(JrZ% z8w=L0-3X|eEwIvZRaGC-`IU;qXy;z}IxQYeW^Y7P74LE)WJ+{=y2F8tT}?Jx43pD5 z8+v}4-r4TNz)HHR$C4vj*ge#%n0@&HdX!a(4vKyPgPb%=3aSUd4tXgSHAD|^NESBN zE^f{HV4hCLBd8OnEl+J$7vUBrb%L{DO#Xw;oLzoVD7c(WU16f*=;P2hRI7!ri~{Nu z?aym|91;py=JcHLIhdg&Ftcqkix#3$`g%(3wWsqNz_itTcic&2K2CbkmW7q&Idnd- zCH$CWm|6YuG$-DMNLzBwW;*66f_Z+5Jr0seof;KmYhztnoX}Tx+&nWm++?fdq6m#n zxl+F;7}ad0Rx;~3-r)a3=_qZh&iF>3uNbBD`9)s{u^wAK2N`1 zNw&dsXK0rnoN^Vib(|6==V61+-UyFZn;IRNIPdH#w;!MIT&!41ZGCs~Z0CSn89tRN z*5*0IsE@cxnilz)otfz@HMzi_AUB8(L9VKX|3YVLYh~-5nj>T)DP2X^?_BP}AY)1@ zEOF}O1t~SL3*K=*|SZV4b-u--6)e!F@cMX`8tvt zKw;Yl@F(G*D?mmue*V1mvch3(d+N(sN0JMhE<$BKEhz4w?{7f^X27@5-B?pfxuUYF zzDE6ZcIomTLD5DZj%bDc;G&Dzp}NCkC1!rosI0Si8rbogD{H`8haIKFM&nx>x0LFJl^o>xw{c z>j=$9Mo98oekHs1<~04cIY^Z+U$}sbygHKiwA1qR^i0t?eS)y;j-(u#Ty;S|3Wh97 zX}PKu3mVpLJniJP&1#=NuYpt0KR_^RzJy=?$Vh&O_7xdiPL%71`SJ?+P5do;#K*B= zrtP+~{;orLY&cbheYtmYW7%Czw2o5?`aB%{CasZ$%s$)!p?ubYoG34*-H=&0c1wtr zQ!mh05p?vssSAZf8mtxz^bB1W_*Bac!KZ9N{JKQvi^!eipAKBl zMXf!eX)JzZp@Irj%k@%P*wk9$^b)KK?`zK3cL<4$9IKGZEq82ywkXsGpMEP%}DZZ0rzs;PKeR@1S2HF`X~%E1ct zjhTo8bW|DcB785l>8y%TA3qP;oCN;lh*CYZR{V2T8jF^OGfPWCt>kUE7v-u5`|a-JME;b@2sNIf^Iso-yL_2X zRX22ixjW`aP{>Lnlv@mjv~`l`La#QYD117AhJP(9zpzkvb?KvgvQ#d(-r&!Jt0Gb! zv-46B7qo`(p!-JJhT`#F!#)*2u_z+mN44V#UvK56->$=9*X9?UKzNOP2pAQv zFLz3BNDjjw{RwQYDnz1@V%wXW-k0AmjyLYEd(xkny^oBRlXKZ$p!5z%(|H?-RH-gT ztG8Uor9y{N1hFczPJrkFD4dII{*Swxec#>xL|9*!=<7w<&&=k>Wx{AZ^8Zh4nK$+l zev_R_b1>C*w$VuTH;TFREGb_S92TTo_h3U^uN!y9XXm84fQ+v1dkDlZPqM}4 zB-Wq#>JzjeaUEiy>DndD_$JtCEC1SyUbt2H7xFEX)IF*Ns%rmox(QQtwx-Cuus{qK zB7-{zB=Bf5e}?wCS4_Q4B9}x7-Q%a?G*I&G^!^=BgCRUbVmS^_PN>LK4}Ai%T<(n+6$?tUFz&}hE`8GDJE)g#!V$jE_i83*<923C1JSnR{T#`N3LVi zZtJT%kIHgi`75emhB!_N4;>*oP7)5-dUoERH(SboMhYiZkX zTHTuRXpFie$NhMHhFMYI_7S7_9T9xYlFM{^QGY8+)UX2FkrP>YE*BkBJ^y3r3e7M#_m;oG4XJBzx!|V2^@qBmAIUH zHoq&sB-Tr?l*r4v@j%6Cq5aUf8wL>3fD9uSmG_3JHVS=E@6THk{F*gTU{JiEQXt(~ zPR!=q1d_tkxy;!=-dEEB9G%?k zq7Se7=iUD*Xd49?DCY9xHPEfW1y)|Nfs(4g3Qr&B>t42Lir#NnnY}qF>|#S#BeQnA zS*TO>IoEE1a#o%%vG*zY2h7)q?WDz6YSXxxK7W|eKG>LojGb(A0Uv86 z#9;V5iUnFGCOAM<(-VU83d^3^GGT@K)v}K%ePN|>pIPHf#z+X<%TcEwl%(RJ(6K!p zaqW2|3v-hHWpb<{$wg6S=HKH}QG{=$@mbfOAM-?)-^B>v1uTUWBsUA5d(LA>p`QHQ zlmco!FZ%@MFA64y&O1|r303^XR~QtGL*VWK;~!Y$?V$ec83$v!S2@Af*7g^5;S2kY z9D(jEPewtKkg443?)}>h*Da^nI%!YOE3OuBS2|KN#UgU1!u*O_e3;`E8^{~bk3I&y zs3OogI+J@~?inz;VH86+N*#IiE%hi;c+YO^L=j=R*li8cyH-5TfC0?B9dxIl1GUnr z`UC&%-DWpWlCzgeUVo!wn++BE=C|8iiGo!XW?Pei#(fR3TF9Ulb-jYwvtw9!X z*eMqrd!J?^@SM6D2IsdXh3kcq42@#EXwPU#NL&#?<59-zZwdBCYgBiCKDr#~{4`$s zSSj2p$E{zqoVao0VGy<|7X0IJjswS=U?NwBI9(HjWseQRkbgvCS{ekp%fmFR%WvnD zr+eb3&NECA*YwwEk^p=1f%{vOXtu|(tHFj!Ek zHAz6MUBc6xnWs`lnwO$u=QYeVYB%VedXwG)1by~KA>wxz!29JM)69!!YZ@SHT=0%bv2q_HQ5aHgmKb zc#HcrpK6z;5n?hKJRQE1dM5SYE>=Dz6@I?n$i$<_hQo%0(Cb!~B^S+^?Nz$>S?X2F}Khwsl89~z@r|rm*7dxsk&Quc<$#VI)r|_{Eq~cEQQtYB%F-O`A)+{lS1~IoJBzh%NQb)p5`( zM{IDfq``d;V&`dfbYDCx<70++E9yg5pgMYQ#ONvrpYmRz0s|jwpSm6RJvnt0HmRjh z6uJHGJ=Kl}hWdJr$uQ0=HUq-)Pz^9sO1h}7tGk%BE~z4Tr&-=1Ci)plW;2pM%!f5lL3yw*=PKK@VNfW{+li}`TL}ajH!!-}m+tbfMQz$$ByAY~WR0&^I zA|4-Y`)mxm>nqe$)N6M^eS5|E5-A7rn;vE}{_i%K`;Oe{IG$fJK9;{OUp5Q#-N}F3 zjl(8tF0ZkXU3gDPLiYS}ft%CiYr2lk!MN1<$3-I5C0RfW*lrD$VCQF=`ieVQpIYbW zO*#hB+0=w7JyjxHt8quoSuyvmGjZ1iO5>O{d>rx+Ki)-Yz)v%|6*)1XT zN1hm=twhxCPQGIkLOd3gpb@RQQ^D!^F0(x%yUT1b~r}ptc0$86W zH7+tm^b~Q&Q1qpHtm^cAKpBV7n|Bzw%bVUMG6bnJR&?$`WmP9^k_`yPB%sYk{^uZ6 zm%`-u9I{hcF_~Lueyg4Q2Kp>bHbr=EsEK1Dh$%|3{3q(3p+QK<=QJ|j zjv1Ukn_zimXihSS|rFRUv@5YrzbAQ zm2*?~MR`OG*A#F?0yi4We<{|KGa)m~Qfrhk+dB48pn;d{TiH_VojeVK+3pRB&pVBD z&+(g2^{Y!toa{Wrg6~Q_NaxnstdJC2t%#v&=PhHlyRl@rdH!{1a;>58b|~X=Rl{`yEtj&hMyzLeEk3y-bX)7Iqz_K~bxGn9v76pz)OlPp zAv{M^VDNCPu&{8jhNJPo|7H@%^ONJ`WHQhB8TSq6XT7VNbTJIh3h%6}tjbq-Z-Ds= zZg{Jx7t$_fz1BFYqQ#+up*Ik05j)p*ca8Byo17^&Eh;PpL;m$7;HNcoNxHxQ4pXB< z=)zP8P&==+zPKTx+pER9ND9HR=AOJSnXg);zauLxMrp4K^>3FGfGOiaf(!2z1R8zC zf>O%~ifs?$Xcn+v{=`hMA;e=obaJQT3s9fLA0<-tjHDH!tl(6&<2G^za34<0da7fG zp@{>651S!=uWPkKgGQ*Ww{@xb)8?i{Y5sVvhn_Ij?qtn%%3M{e7*SG#8sT1 z{>rLEh%!-}TOCydXJzf7^0$f-6CAmYoGOY5g5cXMwE7Iu?j?&DvlwwEDwtJoBo7C~= zLP8U)Q_jBiOuat8d=U8n4OXoPuCCx|dI#F|zRFZ_Ijd|XZ3e(#&eFL?WWHlN8_vHj zq?Bp8b?^!ZdHnL;C$f#|Hb*Jboe-4nxCG%M1@D#oxd~3hKOOQ zQu6_6E&gv6_2O(yD3Pw;viBw&I;OYy>;67pW!((r95o$t4Y}_0$JqcIJf?{Bgq-q% z?{_xwPUq`7#(sI~meq+)rSY?b7W$+a!d|C-$~1m?6rtS5m72TShXJ_dlCLIfRrENI zu7&jJKsMx#=}vTG_hq{?QY#WwqaB%_lfJ2>&7Wj6`#Q9ZGqI#qy+1ZBA^GVuLME+Q z&!u}l%00$@%o6ro26Hj%=}d}{d5l%{xGCxD1;YvnJaqRU;-0yhOql2|j<3$!@#10h zMCFz|<)hS*$}80oYx zPStT12pN4&)Sl!Utr!5ZGP*p@<}kSV@%dRjv0Z9Xx#|UG?*jqkX1We5CZ9<8?;->sjsh`LJ9F$XOh*47?tRY z4@f*n_ow#mxKW3)=<08~Z2{9?o<&?{QX?_&EnYW@aaQ(^I9RAhzQz&&6D&f(e^ctA zWKeNf^(io^f3j}X9*E<@?dd2a1?7$@rpN(v&;N`;!zdB?jg51@SatZq5t;6~_7_B$ z8en>EZUD;CNFh~%gKT6mw1!5?mX=$?xHm}`Iwc2(-PBL?z{vn{Z)UU;PY_cY#DyMO$Z;lGOGNgj2;}sM0+lyn6#Q5Pvw3M5`1O?5{ zXhdOAx{W5uv{gLe{(f(4s|m(Nk~`}&O&HPD`J!TyLgmjP?VCqUNgM^Oo#LueraO6_ zUL@NiHPo0FyE@RYYlRJv*;uHkW-mUxv95MT-DPL!HR*Xq4jhZ>AtFg>hP1I$@+-?b zpbx!dx4l^^r2N*}L!jG{bDcw@^lat3n_UOPaq_e$-E2GOkIvP%x0%DFkG=&;Tke=n zQV|7x8lX%Ks-i;~q;ir5`VWdbQ<(pTyauL6g*JbleOi+t(sW#WmR)M3JoL2r)`!P_ zfCH4zL1}TB7={|3uvrd<)bSsG3!GrP;GIG7DyZCCv3jesyk}=Wmr1Bmt>Z|)`4k3W zVMnD&>izCNZ6}M(x{h2*QnT-1i0Psj!%_vGc_348gDeotmz!zGEIi$7ubB76E-==b zqTDQPDe^FI44@RiPjk-aPs-S_U!A?D$nxh$dK$%?*N~Bjyd!4;g#_iyV9fAkB`9Nc zgD0xYc}k!2&bmsThKbWVl&~-7^}321!dz*S;fH?YV%p|r;j&wn>s7`z387Bf(CD8= z$|1S7ZajhI{I8inq>#Qe;$i}ulr05WTigC$b1Dp5r7Gr?)2z%@VG9W*dQUVrkRsO# zo+gCT>dpk_vmXE$8}=pF$S53j)cp6P`JADU$Y9Hx^& z(6oC#4c_#(ZH{Ns*>}x#=;gHNq$)I;)vdQ&@XLmdM;j%9`BsS4!s}gzGcAjemv`v4 zxeuMJ42g;=&^|2vbg^NDchkd@8D5JE%pjQn&FFFQfdP&dq>59};!pT9_HVV14+ls? zr{x`H&DeF+8&!L)2J!^6j@2Am9InfBg62kPs2@M>;a~#E{I$q-Ugf-D$%TuIYD%cm zIIF!0#AgHbe$7~v#AC%bQvPD>O)_Tb?3*R?SnNTSfus0k!yZvyRUSI<2^uX!C4c>W zj`#SMxAjg2aw&?M9QLHsisVHa}5*ubM2YHtBy$2?Dw>y7=-jE``OSw1k9&#-X0*w$)V) zadRW*OxUAPh{F}8(|1DksNK5Iq%#P)uS+W>=cfLnVm z>_%bF*?#&BmJr?aPDg{JfI_^E&Ok*;2!SUD35l0M2v-ATD2v@O@x-02GV*vCC5SCn z`e}2_=?Vuf4%Mj|+Rdk^M!vfxYi6r{+SrNJ z_dD|=$sE=Y=NMG@k5dG4RmM1;V3P#i2q`K@A+8p63wz4f`bMboe<4kBQiEjJMC%|N zBa$wDf#*%PSlC}ySNyv}c4C3*Ytz^R?=p(T&8NyotB^$0j3pV&Rkn_=1VhGGGy! z2HHIz$huCMQ)oBe>1g7;e=b7bujJUM`9kx~3mD|?d#|*6_p9&w94#(9s28W_er+kN z1nGeD5omG=Su1>gwB}FQyp6v=_$&-l|2QAK&KXt2#4{WWF=J9mm2MEITf2wojUHg3 zO34J9n7F1Un2Q)P`|4)w6)7LbzcEdqou&Ms0PPbEE-|w9A(!Q0>?elH2b#8yF#`XL z`q95(`T0B*tNN)M&9{ov$!RkN3qFFdSwQoIrA1C*P; z*Nuk_2PG1~{iho8mo19`1(Ouw2u$6x%73R$^hGzwnUaJivu+;zZMxWGdDQ&TFh zFw3C4;5Q^Bb0l>$pH=)^*=L@X%MRXloAp~&rL>t*ZC&*aeiYt-zee<8^F{ONtlkY3 zJc8@79Sofwn1{z|2M1eQD3?*~HNvVr=x(KZ0piVkys5zwn1Vbx@~n#pjYf^t=B0G_ zo?IkB=-0(}lpvn0u57$5_%AC2gL6$X#6tpfZ_pWKx8{ifqM*Z^YHwpIsk(&mDK(_byVDdbj28inucd zZL#k!U?w%4WW#p9=hZF=-g8%hMmOuSSDg*6Esw#G7tsUz)Uzki$k;G!DpD@l&KzKr zhk(s&*So4oi!R!q8E?Pp-$m_{^Gg2S`e(Aq3xH9jyK}s%6@1T7UYArnr^MpqqAS3# zlJDZp&<6$DaCwlOwk$uMr42SAoO?!NG`~nEZ=A*XG?XN;myzH#{+~U$?7$t8-d3u@(L& z9UV-)ZQiIUTf0oeH}{~NCV{!8^@rn!P3*JfHJTF!vDJ(z+6HmytA(4qh8NEo?!Ew$ z|MkvISacS?ps^nvh|jB>A-&a;ndo&zJ~^ci02WSI`Y!J&meVIv5Xor-_`M5uU1;M> zhrlU<)c)~v_xvH$7*f@W4TN*^k;hg?C&7K-VcHgEq%R+n6W9$dMI+Ef0~9Qw1_GgWb=+WcAxi5U-jqP-dT<*Jy63)z+ULT zAd~8aLnw_iWPx5UUp*jcB8e7z&OK~zL~qdm^~)%3JKd0~{PAd6rtHo=j=*NJ*nG57 zz@{g<=|KYOFiWW4V?pGkdUhHdj9aE#Mzw8%Xf4(NU_TYnvKQW_{eYPTlpnTyW1a>3 zW9%A|9+N@U6f$GdtcpDrxj_VUCX-g+r zgQ2CoT<#R3CuTk^CbGvK_PHLQc3oQMnxB^!sg0DyyvkW{SvGoUMC*jI$3EB~*QsKaED|1$}#pkZGr}G;8Z%AkdK^PgdyT6#E^K#A4db zvu$BDs?duer#tw-U>Y{ja-`sK+XVA{Tdd&$V>VH37*Jv0sFjaT(ZzqoqVd=pvai2R zklW4=(?tK+P%;9n2F-v`B_&=pHffp}v}TS|dN*EGfGJ2v14TDJ!ze~{9%$`l((`wS zO)L4R3s_5NkS`eC*Mde+I4Ub^+!d{F*+BjM|Cz9g-{>DEVPA0OsA z7Tzs6y1%bi84QMy4ZdHA3_GpDbo6JR=7S3S+E4vvf6u(YitsW|D}oPSzqBN--a$*l zgc1WPv2gr8s~$LGE@QAvsm>>{dtRW1p`^tX4nTmxS#> z#>GfYqD)b+naUs!;w>t#abluX{bCeT?@#0Ktu9tbt81pL1{X1!Yw*OCmj_O!Rx*s0 zaoaE8JMiT$6{F;5ULIq_vga$AskQlc7l&G`Ki@!fBB7qa>Ko)2G8QGUHSmRtCj~xp zGS*P{WB2cx{<}j*rHM>DBKW(0!2QTlB4}c%Q)PH{9yCBjpH?imC+{n6;8P!Y5w4Ds6CXFN&GpCIUpI%$fX8wGQ7VUx7vw__EiOc7|ER7fwR6ocA z{)D_dXLCkG(ojCEb0?u#b}fKN*LsD?NC>N4kAsv6WIEuZ@iWIAF!j~dE}2KMzx?x7 z8ro;#Y;r?04$gvWpAsC#J3n(^=LzOkAeVkIlgt) zmlcNrUuq{HI6I{Bge>OSssp&b!~U*Hx>dzPDd#4083Q8PQ0@vj73xvTVu0HUziiNl z_9g1=)&4FfT38;L`+g|?F{LU4-zer;-yTG&Zy6x9+v~|2j-`b=R00p{^KkWF!EO4p zK0Jb|cN-$3rvz|d)zUc*2*k!OaV9s($E-Y!> zzSv0Hr+pc|N&C|4=5)IHE1%s`YXFzVQ98X#S=PBxOa)CUC01jQ(RdKGkA<&o{L9D7 z@0eoBA^#~!IRuel!)tK2zTGVrCI~EiV(uqCvSRQgB*FM#>5u(TviQ;U zk_1uh<2HGBdz^>yqonY$aPxxE?`$haQ?^d2UC?gm(Tg3lNWfsiJQa_X(lVBJxl(DpOrJ{t~07P;Zu*E@leJ)Cz7<}d}Wc28||GgzTr+RuzhX4JQpy~7!W=p7<$V0W&B$ zbpp@+aeuw1sv?Ofx&h4|f{J!nVZrF~5zJRJ7P-oQ3ywT>W{QQ1(u#9v(fo?Wk_Tx(T_SLCgq*egc! zgVV@%cp#JrnS>%)$jFR**F7X)rBhLp#kiE7(f)Zdnc?5RSuPn&+4U!9d}>hJLz4c` zwO=9xGPbg1BV;Nf>WB2JT_Tm`B+b`_)Y`(cpv-DJtxBmZFYT`#(DvXd$u77OiO z>PqBE*A7fz_Pg6{wbD|0dAk7#GR9zpCDRd%0s&L8c5SHz+wo z%E5vtA-tflaCbOrzg{uDeXh=Nw}XG)N!g#|g8l9Lb6{_a@Nxk@W@97G(UxCUyViI6 z2IGu-v-SHH%O3Y=CpXn2*?S7Gn%|m?8Yu&=B!YT9mc*Hpk-t~$pso7ft#%4NEar`g zeH`6S>Dr!i{jq+&caeH1pDsEZkTjD!|1o#O)5UR>cYQ9(O6Q=&vk6N{#cv<*G_<|t z+t=2T|9bE@?F&^SJ6+4ocTwlXnTR2`C?oBT@QY}flGcY`SOtlw^m2b8vxp0P)8BC9 znfvsn+4Lr56L7h%l|B3}r#jlBY*f;z-$y9r3EG~4+&JqnwuI)g175R|E6 z7K~Yh|BP%AR7d$TWsj?V$l-O-hi-3Eco^;Hs6t1#qDYbgL-J@#YbG3 z7|Bl}A-1+=&l4BL``pHfbFzw5TbGrr@X)TsO^~_rigyq@Ao`hOI9w`ndO1K_N^>eM zIg))ORN7o|$~q^->Wiqg*UnMfPqBn)qarH{+=ikv-is`9lWPyA^}aHdcFIzH?nKK) zGWmCBlg@PSkpa6bpf0&bB2DygliqiR1VfUpW#7Y&JJ^JIXMgz?E(0#??LgU3V3Nv5 z{Wuh&_p#@3)077hW3{nG5bRNcxL(RBFej~2MDebITGn#d+7@NZyo_SP={&B4L`RSk zmlo9#&5GOKYSfKi0`2W!AZ6^Vr0*y)gEXQcoe~QaSBtF@_6lA}mgV)O@cO^u|6wL# z;q6)Qt`yWm8vuxJo4st(nd4(my@GQR^4vze^Y6Y9!&4+29gx^NDQ^}*F?*>d>84Vr zRCYc0GKXH5)LoJZ-{e5xp@UZP08c3Aw^({}g`xr~27VB=q1YX;tH_E~6ZdQ$*q(~- zDPurO@{ADv-TMkd={+%uQ6HyHqH?);nnL8|Fz18X9nBSBeYEDbe8_m+o6*Ve_Zyy= zT?qk`miO5W34EgK`P|NQ6j|6pVYS^ex`F4G#d&IS{q8Vgt}98R%V3$S;)ViiJGBq-wl`wTAQFI4J*admwk0~sbRv_P3)k+4LW2VE!dM)CxCR;N3vHySk;6@nq_L$8BVtP$@Z3 z?HgjS31|8K!$NYxr?;sm`@3e^oAXfN7S@-^von+IBqZ1VJdA(6#jUUFwu2AI3T^Ibl)mA_wr1 z*yieWKbs?F0BzZ7>KSYuy!Pz{3VrQTH_mBG1BL)FOx8FIZz^>Zc`TZ>dZ z)Y~1eavQ6&m^+u|X!8PnK^Vyin{(guyV4Gz=~CN?TX{78f&k9l8Gh=(fpujFzj*_a z!5X=B1h(DupT^Vh6glJmnI#Akh7J0T7>&C&Pby((#C(yOh3cia!aK`h?3i5N&EG+2 zUclZ`i1g|rgj0Dfi3`ur`?hr4Rs-fYy4Y)AJdNAf25bUZd4$w!hPs!NJR^XA2Py&T z)~c1}p{$(TLtk3|Qos;1p{(FsQeifjTy}DLdOGyj1#mroS_;nsyux-XIQ&AV|Mr#K znk>2^m}`1Ff6=(i{c-XPy53rxnLs{T$S(S#<53A<#o(Reij+^fR$X#P7)?_FSUT5f z959^NUl#(-VoJhx&?@G|FLXaGm+wP z3gx~U3aB-#wq|WFfR<9GRaZ>OQFavKKmR1`Gq_Ai}m3%E59(yhT{dsYq@3T zKwlQGVKi{bwnqh^?;E>W75;%kggPmCN(~p>1$)bZP{;?944qO3PbF2O4IBo-NjR$ zX6B&?|056g6S(>ye74M)7u#3~Napgp?3tKANp8Ihfz}tf98pSxI*RQ$i+RFYP^+2d zLWfH)MtOM#@)8XkBaXaJw;yaEnOlON!UK%*uemn0p|VJ zE);ddy!-~5g`p74cx?Aip7zzp4eTj+1aJ{mda(M0ZJ>nnIfF_}P2ltx*J)gCLK452 zQ;BgFQ)z#BeC=f?gCl--3J)ABs7W`Nfc2wi4v6KnYd@i?I`@4XB zG;nw-Qu|*@tD45epn-a*b1Y zFM^1cgs?%j{)?{kzH_9x?n+AzsaUo)A)^{Q(|Xa1A3``9U9Y$JAHrrD*<=EW^n1EH z--T3ImGZE=nKb?#TJ0op+rx5m0k7}YC?xpk_s@`HynG~%1Ix!8ySIbc)d|98wDn{7 znmcJ-L%BXfUmZ&X#j8w{K$_H-k{T<1_6-doK^~#!t!o5k+ngy!0r09(UZYl-l9Pkd z^>HG}WO>tHDn9pH%oeJR3ArE>&!?jaVQR99Y&_LC^dW(HJ4J zDxffr4}Yi6O2nZcTN0AWIX6+*DxJRTjFS^Di*Iw@FJMW=VwzL0K+Loair8S#O+RB| z9D3#3dh7yJLXGrlM4@Z58tU4!hPrvjXpC*LFer4uztT>`R z{v85N#_P~7cb*U>!V_b)u{%>Pb;D+>Xj!x2vK5r5GobCp{W&DAwU!*y2wyr-r&-!_wYY94b$`Ra}n3++4>B zHz}0zn-rD~n*L8aXZ{cM`uFi{r{qWory^yWBqU{D&N-1?Suz-dCJdSEvd;)bC`5K~ z>{}SwnUR{YXY5SF$kNCbq9Kg=UhZ?>f5rX%ZGM<}eCE17pU?GPUhmg4E^TSOcTno6 z2;8jq!=_tmx31{`o$pR2?9`d8{@#xFDl;w-w;U&F@%1f(zt@%%-Oo$6`*zYdnb(ts ziX18B4_mVF&e0Q(tMHBBFl_!yfzOybg?YTc$grd+u6u059RelUNEDRgqr25obE*PC zxc>g*(_6LY)>#W+mj50Jj*>FmCl;%?P!G>!74r1p_|z2wbJAi>K4%%2t=!FW|DjcM z@u*a>SY5gmDt3lB}ffnf=W3N4`86&ww!E&HSCclF$XTuK_0B zp#8zTwDXMzE*f(tgrI-Uw^GRB+EoaxW@d0*6x&0X*g?B@#_>L_@%;5LOlIfxCPTfHB! zZKfxWet=DO0mEu(_C95y`#{~Y-yAx*FQbP#=hYn!$qgKCPI|`-ZOC!i$cPlNDFnyP zgaamQ+y+UWu@4<09+_E|s&Vws|7dHDnr;oKuTOIFHS5<+N(3FQd7|ARO*?Nw*gTao zvpn%+X3QOpS%N}ASAXVBci>c-?@9=Wg(vt9XhE)ifr7!FK#-Q_xZ7_}#AP2}25Au0 zkQk#v)6#A{|8)bt9s}MG2j4z%x|PKb%-ItlzhxciyXG>*qe;LkhxwHVAQJe2)L&)k zXnj|K=5$~|>{WHTJod?uwdc{n63o_lu=_gwnDCS3o7X$LrmTuXIOM2LlOFiYe+LHT z26h|{-$7yR_i-b*3XV)MmBg)4y#x8msko-hz5D9|fl{qrw`1WZqWjjs0*8$?&a=?Y z`Pl9q70Sg=FzhCiZT%JNg*1dx&puNw3IG;m&1txE$TK$YfpQNN? z7X1eLac=JmFD8+PX;ra-VQPvWvZ27^d_z0@;dK&X^#Xp&$_Mo4FI%pg9O(6MfT@+;GwE?XT5h1x?!YTq?4Xd7SkM8cof zU6hxLpJuPaGJmzace4O}qKws0$(-H!DcT#3b#{9lJMRLH1=!cb_p&{!($~r=x5UY* zr>un0m|WBiM$E@3;abonGPd(V9^XFUgGdgN!!#LRDGU_3ep2N_bVrEsuW&0`B7S1# z$@u_8E-QlGx^&;lA<48 z+0=X8>y%brW?r+IkJ(G3jp6pOy&VJhwcX!U4rjP{T(Fx|*WFShYaQ@I6-AcHZMa&j zgWtHQ^=O-rF5+Sr2G8F2h3mvjO01P`w_#yb>DE6djh;3_2MTgtDMu?`g(!6H9Rfib zcAHutY2n53OvRac7=|Be0D}hmg!?|EwL|pG>_O<&TVk&NDdmV7np?ZwH(&goczAfTPOWwUbB~w5O zw^+{#COfAw<`&y82Xbiw`}a-vapBOxj>i$eC4OX|l~5H9n|AGamHguV$7jDV`HMo} zW=2UeZ4i*eTv)S@^W+F;K~WKr_wAf8+o`iP-t(O`?x3=Wa<6V4Z?0AJ9FSKM&|p>W zj=L2#IqFNW^Ef~h>?ZDO?TH0PLO@R7N({+HXC`?GS<hb5;y(GcIPc3f=h<0hBZG<$9dU@yy=*>o z#0ob7nVM}0!otsN-MP1tV?{ARSH^uo&?Q34(1$NT$t=eDhXG04-$2-Q-G3#Y$F`-Y zT31}aes8k(th^-&zKVPE;=7F6Fd_{~g4qGBL?Q-#)Bb z+FGXC^CI1X%wj^MHM4$iy(y2A`Dm!4Y1~-f$3F$;fb31F`x3P8`C)N&wP7;m!(xv$ zHK5`*rsn6EQj@&ZRgngLq33<9F1pe?1)w*pQ78S6&s zZ6D6pBwmv5@}u;xJZdWwjWpDNYUt>HBBEM$ILq{}ry6t#ToQkr{D%mdl%$vEf7`eg zB+Y`68dp0J^214~tSN{8c#l0x4-svg7&pR#smr@+7`J_diX=7Pzv9WYdaNP@)V(tf z3oK)8wK~t@dzZGH>s}8ud^v`s$_UZf-+im>{C3Tnp^FOk+bei^3%z?k+UPK!v{gYv z(UJ1LEbci+xy}1aAV3Q(qUZHq-r8P<; z$wuhcyIUA5dwUN)z^Ab=*FjnQ51UA{okX-dZE0#TrW>O0bJhr#BE;xX&>a$Bn-ekV5&v71!f3)+qdYB^f0w&)fdE^%skv0HK&IYZ>W4l4o$e zWjp<(&J`{s%!{Z`e)$q`2+YY};)gi*<0d6kj3xzTZO<%LGTU}U_bY+cPdsSep@yyh zm`xK^|7NXjH`;MrL}RzV18AYZM7@=ZAQay^rL`~)^LTyd-1+le38ENqhqGk5p_qNj zjMo0@yP6r3yQn?6RtHLdhN3)f!5l{4+YA@Y4eHDQiHMB`V>qbe=9o zhiS9l(y+?eEei_^U()nW_TyzYG{<84jHu#a?)-!AK~T`L0(nWFO)o^U*x{0r>h>L( zBVf~)aIqY@cHd{`-~hBB-8%aOjMAQr4^O?wAoRP-R!=pC)(Z{Kt|j=)e*7(URQ9>; zK;)#~MYDGsIPm^}8v;{( z_xn78`2avLR(?-L%N7eB=hW0x54%e_ zrhUzQsj{#}4|w{OI#E|w*WK-rJB=tZANJ|YVRJXyaRwh|P6IY_hZeuGGp!=FE5}>_ zc3{|!LfP5>u!{Hwu{r_P_?{)9QIc$sGnC2pfCSOkR@kD;*}Ldz*@w(+M8uVx&N?NL zJv5M z`~-skPfTHb{XJV$P*C#$Wa!lKqrVAQd@KaGK*>Ej=&yt$(i#B00e^_4XF0&MEv_v6 z`<*Y*kxiv@rRBpCRTVS2x`5@@UP}F6)Yl*nr)4Joi0`&o*U(@Eg}S$S{rjtMEj>F+ zZ%anS;_v^*7&~?>@sIz0KH8rD?!&(i$^VaiU}|S`E5Y_c{?0#IwSlgwPSxLz5&r>m CHZpVo literal 42332 zcmeFYWmp}-mNtq*aCawIaCi6M5D4xYcXti$0fM``y9al7ciFfGzdL7U&dhzj@7!m8 z+@GhP?%lP!q`OvCziX|xR);GoNFl-F!-Ii=A<0OKtAK&Q+Jn-0a4?|X8U~#+Ffc?Z z3o$Vz88IpFPaij5HlMm$AG^&apA<*d z)A7KZ%RE#pkjoH+t3E4Y;}DPIr~e!!7XXJNg@j>-kR#S-1Pl#Ig44V``i-^|OyiHL z;ZQD3-F~RuL5cE^fPKc^bq>hLM!5C`yE5wf_6rtlhTyca_)sRvoxdN3HHEZag>v%S zo)M+O_dWO|c~L^x-Au4J3;ry646t*m60?I_HnP|UhA>@9h*~HxBG!IzZ!|?P2dI8A zM<;4JmIg@VldWr$_aHVO|Ae72!k$yDZ=%R(V}(2&79VDO@6G#%G|$G%y&@PR|yPnPi9z9fnu*B^hzsYQ7RG&QIzuSfXoc4mDqTq*^pG34Rg9E8g<*2WKo#vp&evxwGujU#o-W@ z>G1De_J=wh55LZ3(fAaC%HAZ8ydQ8#QwoBLN!@7u@}i&kYO|$iNC+16BZYC%%c_Xl z=@UO&o(`-Qdh|NrZ!OJcXhaJrU>*LTyH`g|AHCh<=yDe()`_$9<=0BXNza+YP@LM0 zj!-)a!ttl+0Vnf^#n2(7WV=HAhWfS2)CyQ~w|yDN8g1fm{UHTfL;?Gvv(A9*h#S56nyyr-=YD zp2zwaBo1Z#=)COY!Z|w`M9L6UiZDZQsdXrnp0_I+ccj2Rq{l&@=lVBOMfb1f6#V2m z)D0N6is(2az9pg1l0mMxWOAxb&yO5?u5k;HD1&cgLi>ZMEuZXrrFx{T`B4WS{Iz1J zoB;Pijvx6Umu*$G`7J6+qoiL^2X>?sZK!Qx!Lb2~-IsB^OLqZXjxeUaQBzMJr;>R=yJ0_#gzcT;j^~Ap*Oj0L#dn`aXQKz^mgy2KHq-z%G%68FsM; zd~pwkKY#=dBG&*j4Ez%*wA>F}?B08NNY!3MW}HNS)*8eLm?Q(pWyGc+T>~a_sL&n< zdwdALybyhIBh%JDA?-yl|Ic;^YbDig$r_#_%kW+?g#YEio~ADLX8&?|6fJgLZ>;!{*2& zk!&P;UD&S#m1vPzn8=W5I!gH!wlKL&suGxFZ`ICIXcN^!P%4rKx77zb##D3tq=62MY{M+lS65?dSW5HVvY z%wEH_jc2;sMNZEF08p z8N6@L_Ikl?u}H{g%I(P&r`vLNny(t0+G5*MacEn){;n9yupl{owWB4$mmdVC2c4%$hVha+$OdgA?-(kq((hY&{WmGHl;(pKs+S z93{l(XfQY5n@;Yt4k<*|7CalTsjecf;;GWsxkO$f5wvulxjNjb-pE-0W2)X$O5;9~S3r);Gtk2)c56HUD%GBf3v(Q`61;>-7%727~UOV|q7H}<3R%le@DcmPuu*6JDbe-IuM z)-#ab&L;(uicBx&m|07?VtY})0BWpi=>G^`dBrf9Q5|W(VWShP;LqZhk)+{j;XRX% zf1ziqV65OzRsBNCLF-~=In^@lP(I`m z^@yv_`aTHt@(CJaQl33Eh3)$4bEZs(%*!mC#fSyptl+JYJ4Z*Bv#qC#Cs%f#exDy1 z9C`)1GyGdH-H$2OS2lGM{;9huozxXtc+8~8wthl~!ar*2;)@{_k1H%IYjrP5U zemc!LqI|uhT=|)hFhPwYXPdw)D_d}`>RnusHOmm0Xp=;7^XaCDAF{=;yTo2;{5$_R z%5e4Q2Q!DoX%|E%giP;%g~A-Ryq7wz`X8XPH?N=P7~&Y7lNo=;NLH%_HY=Tv`j|Cv zWuTt#@W<4OU@|Y4*9D10l>}YH=A>-al8&`HfAOE|*Q+NN%2mp`pXms%*wz|hOqfj8 zy8B(`=XuqIfwQ-OD!>6C8|M}$`vdTY39I{#VMJrLZQkkR8PE^-3E=t#%ed7gYA3N1 zF+?X-ZLKk&rPg+OekxNwl@v>}RTI)CSzFXeUY2K3Ik5_`68awTrTRPc_wy>wO1*Dy zzL^FaN%tZ^AXkbF&DxbkzWZLK{7yQ)<(cIu7Y5gnoo^eZ#aOC-r(flUWnH5+Fxlp( z&H371Q+CCDS>=Xdo3RCvR&fb%oyYg+K$omN?Ns-a>)iB$aSif;=Hc~8d)1EXLGr?8 z<*2jTxBLA46fz335J|ePA>=|*+1N|>GOTvmTN=u%;N7E5C_RcA5hs7g9o)V2 zb$nNTu#{JfOsosh6#sh*KxJ$L!&p&=kLSnkJ2sEkl(rOqqWd0^Zw3&)OGBI z;GvN3wfOtKlhn29^W2RY_LOCIyMWL<-lE6Tl!KpZM_kwO`Ijfz%j(l)WTwXtqPxd| zi`osMYLn_`Jtkk{SJSmMG&^liBQN5PF`uQEuDhV?&~uVbp{%FG*Aval`Kf{_EPcXm zcE9LX&uXUTYQ@on>u=iNh{)^|kp4?++k#}!V1s}bKip!$qf#j4Ylh>?G~`AEf?m?I?)R!))st^E&MAyJX(SKrdq$uu?pKrn;`K zO&1>@{iYrhJ4k!$h-dFoOmcn#YebbipkyG=HtZ8uQi?w@@JO*2Om)3Lw1H-2L zdw|QRe7*t$1JAPfrs1q1FUMECt@jqF^U1<1+&-sqp(e>^9^-QvIRWb5>w-2!!x>2D4b3nMerKidXX z<^Ow?SINR1V67o;VFR#r0^LK9g@>7){~s0pkF5W`<^QOv`9G?1vi{GS|0Cx=Yw|Pw z?ZN-((SL~RA6G&05`^bx`lsv#;c;zdKtl#bXd$ln4RnV1J2s$A8FbM6=NXj#R^_2j z$p{7}3??Hk^35ImEE6^bYhX4cGQ(+-Ck675zS}^A}lYAoIJuGN*Pn4mk>>& zHv>z#$!W9t zd9B$lS-|UI-$+&`>0eu+q}Tz!gAruI(J2dbS{+rItXDK5FP3g;wl9{FV__BlYlhY^ zeX7u?6$NG2F`)#!P=TY9{$KY12$>wYR92OI$!N%%b=qy>xa1^iiT`RPZVRfyUAshy zj8?y^Bk_yc*9c77pIhw*4>JGCPR{8;U+(m3wq9$J=d@j?@p`;Sf>i4-^w&19bI9WU zFH>1q;S;IN&1e!G^sY^#7ZeWlKPv?Q#(v=`cEe+RA+%2t)6@MIT?R*ACV?XzHtGvOqGHpl)M|VP6;t?w zOS?@K6@l>cpCBhp70}SYzEW=%J71xhV3FXV`Y&zk9zjxn=h3lbrsTgv18VoN7j1uw zk#_r#WNn%u*2^YCE`xi9?c3My+o!E6botH7?V3hr@G5SC4-MCPwU-X(r zO^YoKd;IICU0d^l81~toH?$r*!8qhl)1m7kuq2=RLQ#@E?@uL)h6t7$t&$N5xs|#y z?h4PAYsJ#oEy%?}5aY#A_}Dkg;-8N9ae;EL)_Eo-CgMf<9tTOYFEN|(*B$shU6S40 ztM#pDu~Bi6OkK-=J9a*0%jEZVpKP{3yCp9ZQEGPZ=DiQfjH_C5xz88~#?hsrkczpJ z8>^0YwOJd9z@p<%zw~u-YuyPU;Gf%#_U3!iKAFjvnm77*Iu%kW{F+p9@?F;>NiLm} z!Lp4n*Zq1|rAbGVR==vl!}e;t!D3GGbg>f1h|L>yblzed8=3ae6NDoD@^GGCXp_QP9$-?{lA|<8;rVJSP8UV`<>bk;TAoJfby|CvlJ$$@r7F`7ZAH9yp{! z1YtWzC7=JxV|RqQK($ywd5$OGFB~9$2KkRD1?3}7WdEG;|L?@I{wJlLi9Nc|k|kp; zB8qbL${Xue=aX4hn`d?rX9IFq-=kY-3&%GYa2!!v^2OW5tef|jOE2t7joLh6!l0a_ zB}s6u>hKV|SO{D0bPXr_Ew}SkwdeawoHktObtU!;kSD4H2B*}+0EUxVEd4KJ8FvGc z_F*68=~{Dj6bYB0<=Ea(EY6)O{uJtp`|oRNxPF7~`?k*HyVHd+As$QbsVo7E#O9L`g1IUHJn}v04 zv*`Z|QvUhg{zpPM;_rx};84*soZTN~}Iklj$aHRdR zi>~~8b-H zN2B?|SCs;tlW#oq#6#e620)T}N@Ml3Z`>~?v?^WW;NC_29RH1T(hLxM$(6qZ@YeE? z%k0BKrUbNnHVqZxAZHSG*d_NC?>1Vd@ zGp+fr)Q5X6ec1#mdC?%ZI8;g(tv*-!u&Ki!%KV6}NOx%0p1mf%nv0G(&E>+*!tLpt6 zzeZ099;vT%dX&$%-CCBqPnOcUSiju%?ia}|XHW5M)?R8gDo$r>jy5u+&pLCmEZ<=#h zoR^;EiyROy2howNWRqmqWNOpY`dqP6k&9Do{3au#+93;(ZRsh~=3S^I9=^B8(F!yh z3*4^9-)Ac<)_GQIlB@-sZ#JlL`rJn1F;?D}?UF?=@qMpKVi0<__*L#6W9mkyvy9mO z!Rb?e^bXvrllQpXtkL{RwD|2S$)?U|wu?7SbF}`O_2!c+UvLB#2eN0dZ1ViGu+5&1 z@zKD`M!Qoor|<{4SEC@fR5$AoAz{mC2$L`K7}R7GOYK>BDDe7QRIT`3MbcC^oz+&_ z=K}>kty9E#w?h1jAtKLe@e1jkaVJK#--K@AFpc8y1KmP9a1e*?rmpllRFr88Q~Q;V z7T2B}Gyh5DJ=R;6JL|b0kY|D*wx=vN3&tkyl3%ikjpdj$2p_k{BcmYFSXh+-0b^xfJJge2!&t5sS zd>~6Q!$1FNDl77svTRudh{Q7blL#T1TBj(9za&1OQ; zbg%EpUy6UN)hJqUuRCo|IA0(OsY3tZM_)n1uh7=oADj1Dht{uK)pdruZgs{p@GFg; zotVl;UFi2#sm3&Ziw>vb-#EEK4Hq}qJ<2xu(hH@7>kd648$}-568TieTsqwzzt=w+ z&)_E&o;ieuWJylfW3^ogrUkq>ZM^8q40a405=A_MT`bjU{o3oy{2o(_VCN^krN)*w zS$AhRQP7*;gF3zIMa-2^leWFF6Y?@ug#o`T#j_=6Q(1ZojhTN; z+xL0QiQC-_yHZDFsWj)nPQKS&fxhwuvhKXvqX>E0WW6TkKue)1*5ztFmwx$qjee!k zGV^S{F2_6xUPYz*O_@sV)Z4V{jH`GkeF=E3Q>(t%#Wpg3=}NC>!Kq*2N$GS^Lh)IP z*zW0xNz+}bs7UGMf>E+x{!T;rDBVk$WUogl_iaR_{j$*kqyq?Wlqa!;#kYSbQj1r< zzM*W%X7ak^6|H@u`(Bl}7bBpsrk6*cf5z%_aYoU+{&U6NviQl5&+U{Rq(krJY~TDU z4-S&`ALPcy(BNAXtqsn!zs6oXbZ@@4^OT3fz{oUdNQHNyvL+ZuaQ#%bIc&P zg8xJfG9fTYAwC-X+pmR$QU?cqG7w1OhoKKdhcutB=0wKQeQQE!%k6c3Uw{OJ`Z_NX zIVSj;H+_X4nSGHO3t{R?{(6*6%VF2PULgz4Mf>B$d*_b04^VxJRO_=zzK13Emq$+X zaRh5+z<3xD`4Hm^)?j_y<)hs;y$;c+v;H$C*F^)D~ftNqE zK3Gf@xrU9Bv9hcLwCDZ)`an2LW?4(;ZjCScvx{t2*F9z?bAEmtyP6407mwpkQl?oh z`P)wwjwdTBZ-bHJ^kD3B?phmg)VWsZ@hGyZE)PC#D z2JrpSFYnQOHTrRk(a6u8jJbJS(k} zDcg>YOZ9!Ia&umSi9X%!K%jjkU)9fuqcXTmNZEbeSTh6VZt9MymP@@-wwClnA-47F z&og562TXZ0X`LU^a?0)}kW6?Ycx$%&t|hp|;o@$IMq?{xBW~H>PMt&MJKiGBo?3CWuKxh*Y)rLG5Zt@s1V;3e!|3A_A=BTv z7Ul!C3(!~|@fN}-1aa|3Orb(E2i~%y=ub&#v`Ra^@n5o+I%>WYuq734R6tbm#`K2M z2|?-1v*odJK2LB~Pnx6QARTgNZXd-ZX4+nQ+a2bb@v%|?+{G>=-Zq0O%00SI<7;(?(Q>eWurVx- zGDzj2biWkFF=EdZ?mOW>wpZ@iG|B_;EvU<*S>8WFpe|V+`(q@=D3H#E&1betyT16V z*GiLjmoN$Q>pjl+)eneg63F%hlZIR%>jdFKUoaC!Vrg#x%C_#9XiJr=!qcK}M5*BC zxhgfmaRL#bWW>8KRvHGv0=50pE%4pR9+o;UO)+xKm+HI23ba`@2G(@j<$tJS0rYNi z2B|psnviA?k+xAYg2Z*gJT+{Am-S~<6L#bfj1Ql#5l#ruJhTpex*p=9*&v|7K=97m zi$ayWR&&OmYsY_z@2$;13>2qY8UdS9O!%&bh!Td0f^L7^QH`JQG|uIFpm(byi9E_x zvs>CMS3sAwQ)CxnqLrS>h)^|UYZ6PHBMGHrqtAdw{biM(Pk|~fQ}+7^ze}9>AdGnZ z_s)u-M8USgvsrWZu%j@&P_@>)pl{vp5L+we4Ovy$u8|SVTCTgkRSvh5Du>HrP`XkT zctXmkwGq;GVMfDn@f8DJOJd%7&POypi%oFkwB>pm%3n%?;K(mf!$Y3Jntsd)>%q5h zqnI?q@lju8Y&<THtXMCl-KU|u1(23wRYd*5xFgf1X@_KGNAkO+5C>*}27%xRk>jGRzQWSjeuV3G{qm~VVLE@h~ z8xAG$rD?vqk~|iLdp}sxFR)xFb7h%gQki%Md4z|TQzw3-nXNZd{@wox zMAJftfkCgo-5T{7du*yfHukzSvwK?Ds}P@E2}_vtKRiX|&n~I-YzSS#dd*|nGlT~| zrl+&!ZqIyKHtTquSu)uO-I5M&qLw~?*ERlKGe$lExK$*HZ9RKdWZymC8K=>MYcSt; zwmGQ3G{@{0XDjVB_Q}g5tYvHh7b6)!Ra5W0>cWeq-WFYl2Sy_1jRZ0VMRO-xLsIq+ zt`M1mnV?VXN2fSy1IoMVY*75;&VPKGlh(aYyDeC4JZi0rI(_c8MgZ>8=Zh zL;e-T^qdOcBiw6(W8JR>McMW@ID`V_qLMm88;~Wzx3i|`!uH`kKX6N&VY7Wx{7BCw zcIVS|Q}3Qz2(Qq#S5Hxxyz__1*b1D^I6~XwIj=Nzr~5RU>z#ji4+nL@lrsi{T_9A; zH!S;&mlk!B^U2Sj$@!}<5{84_U_go!Cx)>|FlQ>)!FIM`BEX`<1_njks;m{Q1u6TS zsgV7=jf3CGzO09Ye#J9nL&5jWcBx_c{ep!2W%gFC-KB*zL6SATB>rC2-QbNnLEaUW z&sEW~ z0|I@z)t6u1ULKRlB_iC5*5aALxda$=Js&TKD5+NONi~Gt|Li%AmKHC|u=s7c?;*9? z9s3Z+vzZ68O>&D76TaunS7qux!D~%s{z_g`Q18j)a?8@O?}ZLLwqCku{}6PN->?Wr zytIS30HMYHx>H@JjYCY!lIc_`!$1VqZ3Zi}4hnM2Unhha!~i}{A#}O-sGjzIXs=`1 zikO+His!}FhbV5HKc(dQ6Np=Xq)LLjeYC23_!P9#V%$7yv~#s$zc**=yUD5>OM zU$DJ35Ad#_D5!Vd1;8_>B4tS9SievDVY1bW++z$Cv1u{#f;SN*LodqhnL(CP!`ogG0@D-dB(3%9CNWnjDRC)#k z*gi(Vsq&gOudhUjGrr>tdhzUcaFMcv~^kTKR9qD=~ ze*TR+Q&yE?{6xA-gf>tTw30Y`O>RHa6IJ4IcZoOz!;SIT(t~z8P-+hcRw5i+1cEUJ zJy4bcczJeJfc-y0a)(I;L5&0q%P8qV^khhP>mb`$W5rJ~zz`(3YJQo9x^Ep!yf z7ZoIyG`1#tPr%qvFNgV(fpE!8+l00fnpoxwiNOs?iqs@iSb>ZiuGQhzDN|bsU_dnD z6MuZ=)P6{RD+v;*Zzh44qwe^VRSaEfRY@d`*1}y}Q^$k_t;1!*^Ftf1<>mKZo7Aux zttb+f`ynL?Vs*-n99y=B0|>0Q-b_u?%~cBDrAh#s{c?%YbQAn&GGT=gMIjUUNzrrD z>!t4+mMA~n0_Hb+#ztSpYv7_{k_D#y?e*6v4+{`~%}!&9@|UU(H@~046|(KPJ1=Ll z9qM{Nv?^68j3D%xpV^hXC3fgXySb)bAvSZxGKsNuai*hyS+n?qgznvJyYb}_x%K;C zEXgG!z7wwK6#`QiDlQS;=k3k)J=3Q{pj}>`S&%D)^4*D97IxUWF9NzfU&fq>V0upL z*nNgE9@LR?Z1hji8crx)ckGYZHuuXt&`iY$XEs76b5kBX(}C(*2U||MCp1P6qUTT1cyK^+sGY8P;A?DgrySv#KJ6hY9~<{I10& z7G#4VzZkxSvDOGSlEBNzm{l|qg%5#>(~cM(8eJHS^fLP@^aJS=^rK%zij&iKPwl9R-Q^TQ)v>FCs43+Q;uYV!m55MAFiaC7VMEl!MQ#knwO+j?nVyIw0;R zOI6gz_?-h%9y2Rb`7%ITElOZLW-zK}K=k;?Wsj>{I&}{@{u#wga(Fc<9s(Ds07SO3 z&MsR)k20h6RRKRHWWkptJz&Epm+kn$aZc*cC?k*B2h0>DCXs-vCF4fV3bxOZ&S_he zV*0~!c2U6#ucE+^sqQ7|ajh)R?|Bf6i@Lnl4Gt|<&x4Ruy6%U1yB||@;5eoJ%3NQ( zc6ZXq@6@Ma&iUXlHhj}&whpx9B_i6i*(#HvJL#->4dCi01PQTl(JY}9v4RYbtFf0> z5XGwlE;pBkePc8N#%tzb6M?xb%L#&~|S$8kjU$7K3$*hM3>GQWG zM^K$d=kaAsWA&LWbR`~tmg9gD>0Es|y?q5=wQxw)fw|RAWS{;@4z2ULvZlC16Wgy~gSC{rtSM?<+ z@{>R`gsmXDUY&b*hWl=~vRBLXAVH!2hp+M+Q}>x;tp9R{htt!Ikbc_1wA*>2U9tP( z(|hRUz*Y~h&$Ba6v6wS2I$W=Onh6)2@Lk98@5ue5Y`+I<42p#^3$vBBvr~?8zeKsnnS`i;?{}TQqC> zRVbSbV+-L^*tXm1mrM4D9B);9@B4WLaAUO=4&UO{0CwhRgCkOAw4}gy&h7y?qsv8` zx~LQBdr9z*w3@E6;geBRe9Rba)UCo=ulLRO2U7obKqn0d6elf)xcF7d1{m1eYxK*g za4YpZNEYm9ohMq|C=f(6P9X@OU5V`gvHuBo6~_st_#T1pdR%Xh-vf$i@k1)rxL-b( zt^ncZ49tpKyVJX~O`khPQx1Hp4N~)xMpJzOr--d1x|Ei z=EN2%ovSb^ZZEBPlOqnsej}Ut$FO!6fVaYuqF@OzCj7uScnoALb6oKVvGpw~iO(uE zCo%*xQ1OA!>-}{mqfm)U$6RZ7*QpEsmd!{<@NlhRT4Jr(CgwESrATuGXd?Mrgp1Su zs%Fzjf$vH|)_piaxI0jjR1-pkrNE1%g*~bi!3i?q*2S|osVL?M=e8D-9fKg6@Eo&E zUAtbS$JD{kaL#{%$nYVI3b#o0@~#<`A@|gnx~iv+OwPY^u-%MRMRw`U6yuIIk~)wV zkN3ahNt75k+UpzaTkp>t$~uU?S;0~Jz)D(l<| z9OrFnvRgff_O3JdTagI4BFK2$ytKEqx_bqiqMfpKN|5o3!km)6KTE?}+@Aj~KBl!-+mPnA9y!k0y$5zgEg1Wd75q@QRGe=8YE7|#k+{5Kw!Q)GaJeg zc{Y+IMAZVpcp4k#9+dj72RW*nxFJ14RBmS-)>DF#BRH!=k?(N1`)0#B!jG{r8S!@T zt*7zrYhUZANonsO#5i|f$rYH@U7(~%xfqT0&UtK_AiFUU!LRzGABGtivx7r*;+yxj zt^U4tqfd!|(e%uY$*V}H^E@^p8p)x(OYr#g4}t_SVhslhqqi>n)p ze5G&qi5qv#)*)dBaA(@z`Mg~XQwkeuy;uafu4u~oT)WZy;AZx?6&x*;_A0|?)24_~ z`#J2e2>Fy}I}WYDVW`GEl(Hmk?2&rhRV3{Y@w^7a%au7aS>(vZs#Zz@bj&S zYi;2X@7Z_AXV4f!cK%s*01URP?3u4@r>C&JuM8^(zDm!{A)-yXfj^;rU7Wcp~L86^Y7hKO+O>m|=`YmCdu)zy2L zE}R*KTI>Gu!`tHA&E`LYVSr;XqK!b(_Fx|&#=^H{!POW(6b1Ww z-UnxD2_!CW(YZORR2-9&W^=7me^-ij`sZDVvU7J(AOvx)&Lj#t@r>VT0aGW+7nL<~ z$3-l7yY_R=)=oE5Lm}5Q4ZP_sZ3{wf`yA5y8Y^iW{@tDN-?IvKvkl?iZ}&^C^RHd^ zi`tG-mwfzlHS1S9eFrUjbp#*N`j#KQZ_sb2Z4WneOtQem$_*JwM1r?n^C@<|*<3ML zi?yoC4DXwfI;SIrIh2cOuh3CYsMI<6Ax>#p_scuq+))J|MHt1QSX{8X=j;ge$cz+; z&8+aA1_{A^N+{*8bD^AWXW$}I5OJSF$JK9yEDP!KwWCQvh+GU&-e>mr+bN-g+9Bcu zec$(idU|pPvbd!Z{D6^fo_&13j z39Xwhw|lHBM1&CcptB1f1rQ8)q+;^zOG50LpnK!A!5D7(-}F>JxpUfeC=~e-OJU-uGV%CM6|g4 z;Krqm!IaiA(>9e;<@x)x8CgFbJFb{Ft&2Uz8}t0J@mtSOD5qe}j5PY^oNX~jhi+=X z&@R>?abOFyGObu=`3!R)FxU%8v)>vrny_Wjc8?-Ppt`E@Anuqc zPbmHn9ZjBDJl7wO5ZSd-vpR2{6@w=Pj!s-_pe_Th#r)4#Am=>4_A=*>x?LBmlw;WM zItX9!!Vls{y;j7Sr0|uubCjN^i%h*=$fI-A(MWbpK%Sq$b=Uy9{Zi*+68+Mk*1FgM zN9GrNnB7nA@krF%adUfIlQOl0i5OxT3lAG z6DGiD_fCbp(;duffy-M+t6@PQ;uPDKVvROo1FuFLWhpS&z_Xb%0WAB*b^ks@{9r@# z`RIcRBMFE^2Aarg-+;ocXC-m^es25{gX`I(wBWjTG9!bLZ8M6=uQWo+@4w~lf_}-< zB;!XDoAm#wSQuBdO%X9~ek;xGMNrmqXGBZ=@wUs`^8^>Y7M>zQU7QEIs93Z!3$I00 zXdNYJZ&RRKdzw^OS~TT6!9Nun&4n~U(|+WJXKgyvj_g6UOeKJhyAw$_MHFF_F8(3vkU=*r)MxSs>5aXgj za$?_n-0r=XER=S$xdmEfD69woy>%YRk6icUVI`;m6}fU^x}55qxOA)s>OH{}6XaMk zq>1_OP-sh9DgKeq6B!E4ct-;{(zY+Q{jR5oi!`)8Td=8}O`Ok5zhqm6(mT1xRSw&M zTHrXB<@f?j92Wi8U9@EYOsEd#Aex4oRyX;y<3T1QWbN_0=;#~pkoTWx_ekl*v>m-P zzeuAGwwYT>F86TRr*NP5q5$C?!0+9!@o2)enQf;US_%>c;tX6{a_T(;ofa=VkHyV; z%i6)``tO{0sHDQZq}#i?-FNRe^3OXrr_({w4`CK>1+Bi_B1#ehzwu8A7#bJ@1WT4W ztCer_2U8t8ug4zY`wN)sV^EKU+SIel$BiB~e{+4xV8ga#C(lE0u-owhzb7|7#hq2U z^x(3J@M%&KqAgz9BIbkAfookf`qaYXvy_h<>AYG)TFX59QOs(6Wo{R%5q=qcmxYq< zLYL`hy5GJg7j`|h*chQ+S%AmRx-_&~uKzY47J)m+#ouIM6aL`Qq5LAqiS|cxh2xC> z6~z1Oz7Y7x<&OvC3V=-(wyRgE_R>!@$mbwyK5ky9oKBzlbJ9mTHEn542;pO)HLx&c zQGVGTEJNrGAVhoiU5jMoXe7p4#5PQxlJ}Xn?R$eBYe*+yM;o{2w!G8vyEb!k=%%}l zDzM;#IL#>`Ak~HsF&y??P|D1*egnPh)o_Fk%2PpLh_C=FQ~fr2kV@NZHeKVK?)qUz zOWY^04(@ZSSXt2oyT+7iqdS{w%ver;c z4d#mmZRJqVPZl-?OP?2_UB6^0h7=A^up(|Mf12RUOgyXO{%}d<+n>2um2&lmvHc0I ztwce$yK8!`>)UY0tKL-TH&B@7J}9_y&NXs8M1p?#6!(1T;cYxQQy1+m;~9D|z0K+y zaKmj)A_~`I@Wjmhxua62wJ!Vt3B93a*G0FA&F5e>dcInJ3(mlmuv-MJMVev#@uDl> z?VeG)Np2G8p0&NM(+<*>2Qh+r4m{F5Hmen-{I}z55F+b#BBBo`#o3J2T@PhuGubg-lr>*twd8v#n}(=g-@;LAlEfk=v~A1;^Ka} z6cpp=eRnN2TVp6TbxqCp^D6}7a=VXswQjRIHoXQZo7rUI(oi?(X{^I}1;l$O&;^HS zwqcZa*#CNAqNJMO&8se%(L?3eIcL{)2^UK2!sFf@7C~$k?-b8Fo^qx>gVEkHKS~L7 z{YSaKY=`3uQfc`d%oz9&0>syT3G66QFf+`?ZrRKorMYZ3p2XV!IHLU_ z#hyhGoRfZmMz^yEyLous;U3Lhf`&PGXWVuI`b<@x`9SIL>lbYEJ<{jzs<9jt*!@;# zwZK&U=wIp8d1$k8!4e_{Jl=2PLwPPWVN)~9TWzsFjY2G5w?MGix3|*v6nau;GVBz>ga0(WeDoJ*V17GCg9YG% zIW%PHN!<+{Hg~iwzMl^ggoZNn2OCn|mq-%gHXEBsh$~<(hJ0y`-%KUKa~5iFc-u{N z_&Ghy9p;8wG!2X0k$n#P>iTxvWF#BsZ$+N9-C9YqW=-FS=yisxtjev0K*~Nw!MFu(E(ws| zZ0A_l@%!!OE{i!6#RzMD5t!1@nKdpsYK+;i zvoCd=*OeTDpWz@A8*Y9)aGx>F{w6OZoE`2Bpi!
xC)M&#l`e)|gwE**g_!EThN zFfA8sYnvwcbZNG3gIDlLZl4S@GzY@%r-LFav8aObj6yN4o$h-A05QQPL%W885_= z8=u~2`gCfM_vo_R`^3ixlvODl$x|_%iBAhk(nB;w0YAIkmh>&Z=wr?Cm?nuTiCxvuUbp(atJ>Zf~k|98HlR^fi zQ_U5%vfqAF3SS>`1-u1Qj1xv<_w&K$5sZq%1)xG18u|=tfiKbTzrf~#O@+RxJDBZd z2Dzb}ilCNWZ9Wj3=7+5}94?k$Zv6u;hp9k!)-h#2EzHrz{P?jnZaug#b6EhS#2q(S7l@QSYHQX!_3LELr|14TlcV3;EEUcdtIrw_oof5= zLD!CrVcWB9gM6DuH)pHbKBa20us&SfwVEeOia(iozK`@LrP1*&Bmlc&pud>hMPf~# zx9H_1HB>tE1?RGqR93yG(Wg6qyrgjGg12cGzmFE;5$V)eUT^M33x@tY$^uveUN2+~o`tp&qo)&n0VfXyZeA{W>-CEP(!MX5>y?T7Zl^&eS z+V6o_uEACUoGZ$NSpEYz)m`B8@}R6u@IGxXqGe+BUEigV`YSdBfy#T^VymiIDzBRA zHvnG$Ot$YkE&5Y9%?w2>w~7u6dZh2w4lEV#LKUnC-tRgq6#gs!ld*-&Lu9ci{&w9a zHT$>3K1;v@kURBAzjV;X$m)J&Fvac$6?hv?oq>zB^D%WC0^q8|Doxt zqni5v{{;~cM5F~IMUYmyk&u#*mX_|4j?pEJbf+|s*``AfYrwrd_9(9_G`#3x>+K;W-HNBMWoC(#;Lp)RjJYLhAHi7J#oBW5cVwGX+A( zSL$p-47`y|JbQIapu~kO6+^ zBZ%U{%9&Dd;`kWHptbcxD||<|1jXLN<4q!?jg;)0D?g*OLdv@0Dm~%6y1mUsFBb9b z-@77UrS(n7AAuyqUvkK*58@Cwvi5V(GG58W?@k%*sIh)l%n%KyNe8vJJZAx)Lz#=L ziJSj>GoS1@cQqqus7CA&V1Lkb_l;`ud4sfQ9Q`Q;tyE5R&@mT0kB;g#NutecWNu3Q zWI9F=ji6CGi+TnaKX1FBN64!lXtP zKSqQ#k*ci?N6kWO43Xw!EY<@IO>r=e`op|l0U{yYAo)r27ECTG$VBds6yYjygVr%C zj{>PJLl~9HR5a;H4eh<1*IGm9RCN@*z+f-rp5gM)h`elRcIFl}) zR0kl6S3u?&kc3g$_4Gs6#8$yhX-*TPrZH|CT6_(e#LYVYhIHmGG&18`#C5KVez)oL zM0msGoU#*cMy5-|coX0@O3 zR5RTHTX$<%DI@}wYE`xpyXDoUrv#J9T-3QokhHV;E_*U9bQvlXan(fHT=veg-;}+c z8NOlvgCXdn&Fg$nM;7!|GGvaK5o+p|O1Z=^)b8;;TIk`>_Zt+h5Ou{^QBP=JnbefI z_HiArEh06bSnEHz7zC(qCmsJhbbhKtpT@h4fg;oHGsf<#W&oi zxWdXc{AK3p7DoJcHhnh%xH!+|0^4iF8sX31SU0TWEp>FFnCp_Fz0)RL4@7ZT`_xUs zz6v%vdbuf=4?NT3!Q{fy7Yf^2enDJX4|qF&jO>jHJL+=mobMGoHr#rA80_*+LnE)( zFh%Cd*Q+u|#sdt~!?14JFTKrh|FyEQMfqaSS`UvB&JjWW_}Yi4RhiDTI%w+N&Sywy zG54D{hK*p1qfw8ATPiE?^AQ7enq)^o5uM&aH-ZrgA!9}o(xY(i^yW|Pzp+`m+SAu8 z$M3$@lQ`nNCv*oug8Qa6pW*}{Xg^Schd`r<9JJJ+lWB1eb{m}-kGCP9Du5w9K` z(y|&^j$FF{XR4R5M*KS}ReO1af4yv-pK6LAY|Q=uLcHwO1-9=|@!pS(1#r3((^9* zUGH+S*UZ&Cy#q;Il0>M~PidwPUtPGfZVnF)WTJ&zI6}c_WXLp$v4yT`JiRHEYCZHA z^IE1?z>_IdFf&2S0pb|@fv!b?AvN{x&$=^{$h!hi)#ofWDgw>Dr}7XlP3!j6QMl=< zP(%bfUvDSTi?eG23_xDMWDy2FifK7wq~L08m}OFJPrs9h$ceNiQ1YM*yXeWJ3d#ma zaPHUEd0af}L@Tk_RR4$0ai78^Db1E)(7=d%jh=%cRU-pdWe<}x{q#3TP)x$i&1_7} zt ziUZ2NUUWQhqi#uh`N|f<9I(k^z${B8L`M5ZQAYygVdmc)jFrS2Rd6QhcIuH)bvXU6 zS{t+_EoJfB9vBqk?qzf7_4e-?a+1u2h~aylm*WS*nCg1Ww{IjiZ-^#{iN2iNy|;J3 zYw?yYHexx?{$gd5gC<1N$D*DjmGnfDyt;9-xKnYyvzu2YUg$h*o*llhm^_c82#%4{ zET{_(#Sts*j5INXr$?JQ6vsl(l5Fki09ofNac=cACk{VMdB(c@wh=a_bC3{#B z7Y$lQ?}RW&7x#^BC<y42SnG^~shl}nKO zS1TUc=R;4lV`%mSJkU^wQ`}{LhhA! ztZWAVoI(`EBe^Dc!Jt zQ>n#KkNUbYd?iNY;sF9?5R|=`H#kA!j%;5C$GFNCui(0~yJsF|bz`7hLd?I>U`;R> z9Szq83S2q2s;&G+BnSZBWgQsd%JobVeS=WRmKq%kWJClAnK^z{e?9y2!&_RJCyU3< z1bSp?YltGE;7u1TDb2tA&tLWTQmF)Y{HIU8?bJaw%HEoNmLySM=HhjG)qy9awDCbE z{llw5Q+}rfuLhA!tW3*n1r)S2ihtH-g(k#ap%{clt=1Hovz9kxoN_-bJ2UI{k^!7o zFS~RsnqNvp@yX%Y%g*+TVFKejrLUvQHc0;s)n@>S8r~#)9cEyUW6#^94Sf=(weLhT zaU%PenNm$*r=+9e1A7Gi#BJ*^-0OD9c2%l7-lnKnu75Kbm(~JK^D|j>`)q^*aNX&_ zBXPOdHcD_7bDsz{S$jMBA*|ya4<-L%^{eY{`5opweJVM9S556pvHQDIVSzvG0nmgIreOR>5FKd~WSQ-^i z=<5Bsg?V05%t*w>$VTp%`Z9CFzR1(HwmrhZK&Pa2&fZ4u4YE6z1VeC^Z%XIngg(We540xe~st8gU=&cQlBY{SFu?>CZjQcP4EWoU5h#M_h)WycV4q=gMcN+C8X=>+Q5paBng0owZgXd z5DgPt$vBaICW|cj?hPFJP462F(Hf-^^O5+Zv$|k4Nz{CDJh^&hlumOR2?oWnfb-(o z+ZX0pk{yC9n7~J|`t`#=)pR^E9?8-~eZ*$y%j=Tga(IUoAWL~+^IUpADdZ$gC1Af} z5w&;vr`5R>p%dUljeJ4ulJtxEu%t{a|5Py{ZWn&)<@KG)esba`ObwIkj+a*0uB3g$ zs4S@NqBMwFE@BStfXBlOws^KSPGPT9m(BfL);#$?Qx#8)EqUyl z%zicEtTegv`VRmGBkt3uuZx&piDSq-rK2+0{w%txfW;@m@9z|(NAYNgL1FuAb}0m# zK$e1m>UCUty@QFd{VIL8d$;;PfJTwC65q7|06{dTVAX0K z=(vMFjKT!^brV?*`c`#-VE@~GaXte)^6uJ^w>iIYZ$;|6y_zXUs$_XNE zlZuGoPf7o1ZUgAUcJ8hbYZ4Ff3~Evt6@71hx_R?$BD` z)yI%j7;@Z!>8}Z+*-xVdl}x)i&lR7ufQyh!vh_M{5>9Vlb}6zh5($Ao5 zD#;y&B(#EtS7|GJYLB#cZeX!Ug#wfHd0`+D_|k_jCCVW}qKIvWebSv*A5VMA=X=UQ z3{=l|8IKOj2l}ce2W%39zmu3@|utn;bPH#X3cu14F%AGgC*B>2@+a9bTP81*=Gjs`Fiw6bh8H`NoKWWm%YH-c+n}3_sUwm9>}Low+k0Z$mMll z;1Ul3iHn;i-4%R7MC={ohM5u4=%=sf5$0*5d8;GRRY0%jk}_o3?MGwn_YO|>H6F-f z<2@#qtcQ?n?^={6uhgTS_4A#}D%B5*YYqJGNkYU0I{mx6ij7`^oP>|KL)UiuBVdhW z$C)mW=HNoKBf*meju>Elx2byT8O>tU@Edt8>O65aLdX3Og31?Qy)Aq$t&IW?}W~Da4~&6`SA>-j6i2 ztU`SEucpOTf4C>_9t8kdlwe|i%dq)?{(?VehP5t$1JlUyu;(NvPBMX^cj=CErE#$V zwoQ60lC5zxSkK!`agOEuA~};!E|XQo6v?@bPxN4E22M#5Ue{;JF@ij<+p_IjzE}R| zlsVLB^Tgk5wr#by@z2m{4R1LK$CZt`{g;18L0cdAwj*ggGrDdUv;PZ5DR;bM`PzF$ zvW3na`6R`dh~AdvJZ^;bz;GpsrnIaTUG>CeLJZ^`H%=p+i;c3(Amt0h%hSRSji{-M)AwW8Q5Rfj*Uth2BJAFI!CEwJk|f<$pi;(h*!5IH@*q=(@j0+e~-=U_Bt{1Wn%G_ddR~N zyB(A9SD8liWB5v);m_8FM{&fOY23~r+xtiWm*V5%rV&_4 z8F@ATmCK+JMZ(xDym7o(9YoF4R+OMEOTWDla}{5=+Fx7q<(VVcXj(Fd8iOLqBBW0B)iKw0}(}QaaM$#9ySqu)vfey0Ql!b$1r^H0R zv<`Ry^uy(i?=+Yh?(h(VSRNTQf|*265Lp7qDW`DFKJh@@?idS5qMZ?BkNi1ws&37$ zQ>L$s0f8kfrhOJrns&TI$m5%s##ZRB@0a6Bd?#Zb68&_L>=a_>0z-Ggc6f#%#v@$~QMyS;9}UR-WDjb3W)R|R4hx4oy!JdKFu_2tal9=Pb0PN#*v zqJF(uxZ~A84LTjlM^Be;vjjund+!sF^Kye_CP1Fft;y)e*t<;V**H41#PNV%W=F+y zh)j1$$H3Xr57w@`cx^S6wLFsV?|?4;(+>G)*9)v|AU+eipf}5Zq%ZRaE(&ksy}z8O z0``ofJ#C5Aj$?Fw@a|R=yz$Y}F<{e~a0x9{O<8V17@uZ5TGCzY893`hfJVF{OuCm| zNAS40vV4FYIz8z;n-*}XE_#)sxwGD~dfK_X?ghd7}g+_Zb_p93II?)4tdYAWs@S(eX0h8t|5^ z^8qJm2F}kTcMXq>PS&fu!ch>YOE(P79h0>*Vqm@s>P7tQy*b-Kp-p0L`#FJ&mEkdt z^Aapb)H+ajAPZ$PH*e08_v1I`olQ!!@W03E0oKUhv=^Trzc`F7DYk6E18p6Vk0MtY zhSX*2{}QKsZ{8U=Pe`=P672sK;b;WRmYF+jD~6)r5($LO5svy6*F)?i4??5l2|3@7 zQN6oMi2`S%X90a7!-`k1cGAYA4bb){Qvnej!?RKPaB{Y+*172tfu zVlflyN(oaF8(e&Z(YBaf`%_;W&)t8dQH5DMzFgvW^Z)Tq4Ce}BZ$>TYC1ZuC4(xH5 z13pIb+pP|Z7~S9?&tvT!t{Qe1+YE4y19sXM3oI`t>wR>U+-p5lCd#H=z&8^Di11d2 z-TTj(6CB4IV24!hLvSo&zSI2H3)LMS@F&=yG!5#Zn^Ox=gCC}w4Iv#x* zIP7$_Ydb~22hoR(j+4&Q=iu+qvL1jSdDqoX6%n|Iefz5C;<9)ng9^=c!BoH{nZ4J& zvqLD<5`n1HW~pZVerCPnZzS?4Nw;!D#x7I8xV>*+FyfZbf;|P9aL9ff#u2y;$-ajZ zBrHLwnxXWK+>XDuuxn~=UrLUy@FQ+pPmU+x4R^MDFhCA+e z2l0?G%ZU{bBOgG1JJ&udbnPx`%Kx8m6{Ic6qx;^%)Jhae%)EB zs@`3E$D*q*V4D>u>R$j|zsUPiT`hm=sRR`3_Y~hRzLppZBsp(Z?>{r81R-FLe|w5? zECc0POuQSX0#SfR!E0ao&IIc7nIC^oN09Kg4eM@*(gbrSsMh2b3bEa+U$jfezk`iE z?sZ@10X)=w@;#Gvof>@!j#fh+1FVv#*=oOZ7<&Fvq4ZCv$!YBs$%R7oVeJ4Na&tn7 z)wDp~iCs{)2i1~fqng7|+t9RR16O)p;xes{mE?7$O82$%gEhhcTYpZ)FU+W7qL!4^i;b~rREUTQZZN6U=qlk*W1R%sMHx})_EtD2_?tlvk}7+ud5&6{FN*v&4@L7 zx4c`gK3}h%V@>6r1FJw)_*N*pzd_Y`4a7?Wok`@Rn`brEvbt6~@;HRhg1u~(OsSl+ zzS|}YtbbR`eAknCXY*x5R6yS3dctB9x0L0hu0(AJ$nU)n3dk_E*~_}2mK#pAvSnz<`LzNVwO;F3)@T}MAC zz2_hQBf#fwq2(WnXwmA?sCwWqa-@^z82!vdr-0gB7y}^UJCc`<(=Pts;)Q#g5$j&^ z9;!g(s|^zX@>Cz270%lF3S!Hu9M!%uh4=>S!rd$zHkO7Rw*vI}TEM5IRT5TMZt$ z9PJr6IDy3xhBtci=WA}$%{X)%kMt2F0&6ZZ$jt$VB!Lrlx!#5Pr(il81k_~X8^OMv z53J4}*87w&R#5w!d~Z!q7y){&5Rv_EMB&0;E;>xWsHpHO@x4_2*FR6vvB&l#5T!Nx z4U=>mJ;b5$;pYhm`%exJAj!*+(y*HG5_%h@OYJiGP>S$h*cg>;i(ucsCIYYy5Ry?K zU`tLgLqAR5Q0!pgDq2$SfOhz2W|fl zO1&_cEUl~N{$vh)Rq(zOBro$K>(BUXOGg*vj9bC=X)w`1*NoVMq#>S!wUYluwGK&qpthAG*hFq^WQo+6% zsphy%shdtMFC-H+P0=Pb^tjr>vrGnX@BnsJf^81|v3w4##BE!sAo-QZggXhimfZO8 z*{tW6>>5`nw#7>$9=j00S>$=}sH*Ck<1SXrcVl5+ zTt2x&(eFgKUuf7F4U=$s-PY^GDDn4IOG~NVe7osW$c7y)-#PMis#gkQ|p9X zq{Zghn6zR1y;J=P^MTS!CemDMTj^B?v8yX@XZ$(}Np;&R!{a@3r6v%aSX{N+$w}8t z#suO$4+W(XHJQIn<8y6V!szA05G3b%_eSB9!WTPxf56cCMjd0+!AI(!YV7-5|Aswy z8e%m4*COOm<14hNs>xGnOec;O3Ue%S>=C!;{h1*o>>ne|RyC^9IGWEQAD7cacQUw~ z=t1GsGu+H%#4f2LOENi|;*L7cFu3OFf?M<4o_i7K3rw(yyp}&)UgXW=4i`%fT^n;_ ze$lpupSrT)caxX{Z^WME&oEvrPQL2e*T`4#j(pd2?Q@^?-^6E5C_I8%=jH6dsb8WX zY&&M6G!NL4efzVaCa^tO(c-HTiAyt}|9RjQV_Fz2exJtNB+oNdzyRFI)zV;Wbnkl( zs-OO+h-k}bO0wUnY4vEY)0sRI*{kAb48qD)G5!Jj%;Ha$Eo~qTrEd9;M8C<{cCEXHh`QP-!QpH3;bcFH{Zd)OzA^7uj(A{IGNNt$(1bQI0-Z}1n>@lu8{pyq4u2kJ)RrJi})2&}Nhr=Jh z76*(Bn*9&V+(PPHkx6crSZgzn$rv#&^nU!VekkXqN+Al?;K1Iy+tZQnUGTC!>D%|7 z^$Q(9)O(KX(nX@rT^gJ=#B}mlDQ1&FD8uOD^hnv?MA);Jn&@R?0*`XOS1;Su(o`oS zJr9s#*E4Q_M+t#)Tu8O$hx>V7hwsHuhHwN0hTyA;&Ru<$O^J(3UeEsLEEYtG<(|F4 zI7^{{NS)qa-d7t)_-|jjh-9z3TU7zm{;+>@ekrHT5aa6^8A8hz+jr^Tn)hk_R-%aB z@{AmbNYI_N^V`hOH`cJRYZJM=dq1(NK9T57V?G=|MjUA`)0@j<8I7{&%nvg|HK22Q zuZKYs)Y*EX#F9)RO8&8$paJAEIza7IaKUPWjb5c!{6G*VQ>9n#r_&Kv6OX>jE3M9S0@~jgH+4SsW8;4MPQ&;Wf_XY9Nl^cp zF5#M%oQkPZIV%7{BCxYj)*&6|9AFUsnDe?yHCx2_T;~@=LqQQkch$VUAd_P- z*ZSL!M2?(%XT4Q~h{>|)hp!`}F{;}#KrLl?(Hv@Q$lpQ+wK$7k@*$x7_;wAAUIK90 zwQYgiMrNvFebA~eG~e$mV0%ng2pnCD693cvN4)A#EB6?9#H+7~>C|>zIsg1tX#D%9 z?U-2Flsk#tqg?)?FfrEQH!d9@NvaaKw@y2ST+jV4WF`A1o21YD#PJk$N!y*|i`Nrx zHS&^%O3a3cci)*4qt@?`*(e*{W6!C>A=0gcisx3hc$%b9&rc25c2ed+(5v?Q#v`!+ z(nDz??#ir?o3{y2dfL+6<{ul<`=(wI`@d1q0NLuf+^je&RurWdO7Bo)i@N# ztHyGJ$a6`GB5jO9ugy{}f8fz(iZHYGqN}9&L+-hI2+UE@WxC#cD43&Nn@=?(U|q(4_%fG zqkDOiOTku2J6<~PMNrH}C+koK`fSPa?lt5V_Jl{?v~KiJ&)0Y)zPg`O<*$_^ z1i#7C(dnI9u*QS#w1J3Z)lxYL?S1sw7tqD=-co@LLoE<=7fq6bkrl=d7|=Fh(qzEU z-9YTz<-!S`Tez?d%q2>r@|id9IyP+}x*iCTF1qj+S~5MRdjAaIFDG&1PrEm44k&v# zD8C%!>g4MXMg4-B?$RASt0@DlHi@JEm`(w^+GMf0w9dyt`R$)boGr?v*X`c(Snxi! zw{eCQJm^Qz>Uo22iyP%>c=^-50>P9T5xdJ;qt5AOpKPI8L+7 z7HekpfD(r1au4Jif^`fD*`*U0ub4Ew1BqOcE$ki<=&GpnRpa&U(uMYGbn?8>Fce^=E$4l>W+3KGZ@EH!cnT^bJ>C2>X+AYCgSx#1ypmc7a zF!7xgST6ZNZl_1tMu)D7bJ8MShku4Pe33QPC+M1}jgjrxk$Jcgrlq4}^;Rx^lsI9a z$6MH9^i}89-T8+XrkxKDLM85wd%0@83s;j_{1cu~N3ZOU=5lRfATcx~1uIEb8(+~$ zrL$!yNd>FR(^#fI{9fy5{Mut{TIw+!PGM{_LW_VsamZ1t#{^FMpnZd|sDXqiHN^2P zmKjY@kO2lIHT{!dkEl;Z_-%bkLg_Xsgn-w*=ZmLYvd;REd=j9!Tkp8EJ{8FfruOAXwubW&mb zU3D4^h)HAPztoXmVXaQO+N96;6F;6JrjJ&`9hH5{CSCJ_@Sax8qnIIQ>s@9eUZ*jS z;Bc0%0lMVN4fH(WQ6L-m^HJ$RLKHq-V)J#}si&UYp}M1zg=M^i?83wRVoA#&-P zK)R>CA1#`4sg4Xr!yp&rn!8s%~OwSBqzh)}> z85$-d*B$3|pJ$MyV5Tga_CT6TPbl``GZr4hsw%8{%_1X(MsVzy!IhsK~*1C@s=x?LW2*z#P*=(+-!ewr}hcsAJ}y` zo|lya)pLtWJ~VR%v}iAByXetag&$#&(RNw?GIed{7AqsZAbn_`Y1P>OtAx(R6L~zA ziidpJ?fP}qcs(H`12q&+a7CBtaKgBwAYB>Zi{|L8Z zt$k~|$O94^k${_~30Yrrd4o+yc$S^;M^uC!cnrk0W4g>-ganKu;J;eNo~S@m&E{f} zxdod&Qh2w^tCU3+-PCsGZ#?rj^LgHuQ8?V^C|bmVD*oHv?{>Q>yRrdI7!*>B=yO-0 zbK|&enVy9tUCDq_J`7!OV`|&_sSKrp5b2?J^X@=hq+m4 z7ty!vdt0I3`nu2SFE{wC^N+S@kQ7(ns=-1k;2W*jZyioL5Tr@ zptuIRkEnfG$0ztR`N*c)2Br}sC6xBh%w2LJ0lm)am(-xq@uEshAS1D|%dl}rOB38t zhv6q(IF=!e@xpbv_h_g#YdmmMko3&tBYK%2ce$!&YX~|@A$Ykyr^dbwa-075dG7UJ zr9RtFbL{RO=EMvlpM)g3K)7we3hSH@5e(fxU;U+Jre8?9HmK)@&;H-NYG~F|Eoq&e zrk!}v73ib-snjnqr=>bm&ns=276pE-BJVqh`V_xgGyH$XBnw+mP_-G*i0!JK`0xTiKo z?6Pk79gpO9$qy#%FyS52fCl8%w6yR?>vWM`s;-46$gky8F6rqPuugyZG*p zw;0LhTxYbJR7=U<$-%so@%R%Tg#PY3xtdwsdqtT4;3O-x-yRF?Uixz!EVbx@(rJHL zQ`aqm3FNsjje$&t?#XD-1-g`K*2bq}^YT%oU~l^h^>NcS{rY-<6Kpv8eX4Q!Dmqyu zZ;HY8>roZH^Ld`DEyD-5=WQaAQLpqN_Z?#{^S`?wR5mkRe;jjIOjq8tGEC+H#ZAhk zVBDp}H9IMMUWxrUY-1Y6re+Ic+T~o7%r-M$$S2rLDvrMkf)~_UFORn*r`!b2QmXvh zKKO)t_G}7Cx)cgi$!Oq;?^Xm?3H^TFwo;4mFCyXKD`(~> z!-`uj{M;q|By6%!IY^$i)cbTH!PU=vHk*4?gn0rC2_L=!F}f=!gO4v!+!{rK|1jCro*R5#k-K=MFZfFWf9fNi;k%6tVOV z$J6BX8tHT|U+Zs5zgH81`)oM?KA2X_qrN7 zR3N%0EE40uYz_U_|Fke5aef?bPyaR228=Za8ef=M0)_Ydhi3yl z-faf>bX*JvK3;71C&@v|77Q_gd&7%@>Y+$q)%%oZ(>DxBL(u+&rrLG)QLG47Hc5 zbR6$+^fP%BjHh~r=X!0yW5moPE2zqxPuCkazZ%+(WeCFu=Pah4`;bJwXHZl-IOheS zB)zR|zi>p1KPfz97Wbe3Wr19m51BQrKg|YSTOkal!FKFbMj*SbB4yCl>Ytn)S<-eE z$UOVmN0_S6Qp`&RLI68}dgSN1ZNw9Ffsf?r?<|LIBwlnqWbQNclnFmuQ@YOlgSF!gR9b7?QQJjm*n#|Ut`<4*A z>7jNd#&6Lu~|@b)EhsGD%V0 z4%iV+iy?9$BdC~EQEM7+Zq=F0*(rJwdr6e9xYIs%!Ew zy!d5>zy%i?6!j>X>gG^8F3a~>p%Qd@!_}-bfq?o!!7Nq#A63V7FFx7_?EBh_44ggu z#{n}{tL96HZ=67OyV_z5J#K%9=@Bq2akoJ5B=zOMsNK_ z|84z1v0dg|-bwJYlK4`wy{yZF6P$SRg!_JO{(Mtl@cPW`ocOP$cknK4AaBdOUXR^Z z`j@s8_-$-e>Z@0|F0*S>_98>zgc30(CpPyV`aZ5BIs}hAEQ}R9a|NGy19S1fJ2hpw z?`Kha!2#1BcQez>VoYFQiukWIGp_PN2@$&!kV)qyan6ZLN2efF8sDE*#86U!avnvR z!OH1i>hUpeSR29l=)Cyi=Fm2H*w@Jz*VT>S%WE}eBLvevsz{2^WBT29`(E{s)$Jsb z`zIyXEM%wbKH&4`ZB!-M{%4#5k5>pll48|~#=5)JkYRqUHORjMw5_8eh{5`w2Ied6|x-LKjEoM+{W zyA|F^P`#QH(;Q=Zis$24^-@ zNRs#u%KM}jY%Nb$S+^L-Q_5a?Z2X!2SN?65)6gDhX^CaHyCtqu3#eQBa)txQsq0Ry zaiLYeFn;WnH1~bryU83jFdiaK;u%|D*z!ru*?L1$yJPc>c>;Qjq2B@S*kD8&N5FPI;l+FEi%`<~B+ zN30%?`+tp~%K0>%>jZ{=4sJoU%PraMAX5?pSkG>Z#A|h0+C|i|v6w<;q)$D5a?Mx7 zxIEZ$!YJ_M=v?k}1qv2xZ12Jk%_#Mff`|RF(}jF-AXFR{?=Vq(D%d@z37Pbvi(lwU z<|+SqfsfRxwF!VVX=Mt#kOdf+wpl7LN`0iYQJoNN=frLEO}ppaefbqB8+yl3vEDE{ z!>jpL=|KO=Q6pOxoP?!D@WADb)YMIgzdX5onWJj4-yskoZ-;-sAs=vaRA*W}cSDAH=!m`Ts4&CZ)k?oU?i0Is+|Qd5-hCL+S3|EA z=;qe&uI;MrxQOE^R_gCNv;MQtuBdm|>qaKJ&?$>(0(!0dN^og~gO-}I2lPkt<2#p1 z!dDt^UW#+x`{BCQ?j$F@kft@wJcNi2oLT^Y=$l&6AE`}K_tY=6c3 zu4ufVDTY@mHCR^vS9%@e%W}u+l8!zQos+WEZDo(vIGOY^T=`Zl=c-#vHg24WGKKwz zQlY1T_DZo^o@#LyH!*Oa|JS#F%k zzsp?#>EN|N{V(Dikvon?feZ%!@GJ<$4tnu6%1upv`1Iv-*ZIMxP}|*Tj;>-`YgFFt z_sec88#Hi}73einAk_lyS>CSj>_MJ(dalek$2?tYck2#f-Eb8_XZynLgLiY+y!|X8 zV97^+zs&~+=flKEw$z%Im2rV}2Tg8=z=zxY>)S_(S{LxZnSpb6^O#?25Axf-QYx8C zYC_n`!-$1s;7ZTHOHps`tG|tDUwRji?Yrd5dCcQ1oQk9A)*qh#r%CdP`w!#U-Vy(p z%Mv`uM{pfpA|*+1ZO2vqp^p4|=!?gjg{>D)J5BTVvJPEVwkQcx(JtvXO;#1EMPgwB zLJn}e+yR$z>_jWcvkvOl$kCVqQ@^hHf>@C&s+;k2zEQS%WyPmUV~NdY?ME5o$^6Tv z@d;ziw6c>8v`!CwqTH%9uO~c!E&t&p{_ZHvNQp%8*YK9As?Fm4`EW`*t}F z+zXC9yw&nKKHTbd7%8Knv?8c;)`)eVIBs7h~g)r7>hrj zb~B(knM8S=FQ^hV-z(%9q#oD4S)Lb5VP~Bm#B6pYf{%=DbyonTh7N6kB9-2-p!yaYH zhhvxI>e}-B%oMx%E1b{Hn({lWn_kH>-VJcl;si9AlFUpC38IFR&^@=0%lW8|F9@wI z$}Isnn-`be+#4RBbybd;N0Ye>*>;gwk~%U7kLIA`qu{YY)HDSkwFn>IbbeH*7&JM= z*xmb<*DZ}?-BK$}fhs87CGol@ekg0uwn7pqCc!tMse_X$$u5`@Xis82R-le9LTX>^ z(gETJo{!=Rr@GWSw8(nb(0Eq#5b5e#lIV}=l$PF;t*JL0YpeM5_*^wzFq=`jaJm$H9L)Q)-8{`S7o{9^O_B~e50tKQo8houU!qUfJ`>xi@>~~{_-Is zV1LJ$Ng=@PortY($`ZBmt`@=|-=pSKRPv&4znh}xh58?jds^)>a8t|kwmXB+;O#pc z(Zco5;L%hw48h|J{_O%;UHI-{0E=e%Bf4YVMX;ANu9zxfv{pjzV$;j*&Fwp~n%V&# zHF(0+e#O@6A=(H79Gx5NBOyw5)|F7%hNhI0gkgqWew9$cl~~o-{NH(qHWW}Tiyh4; zrabi}q|2ewmce%5J@p%(3cm}fCE+a_kFq~jshPW#w{DK(K^Bt%kf3&$dNwko>Mi5b zyo1CLOkfYqoetj*q8F~236p6#5s50rqTEw6jpSS(IVRS^S`W92q=~OqHua$ zPOys34eU%u48mp#Lsf2lqvKwG?C(K4X>VSweh($+8gUwlM+?5tf{d*a3BX+jR>w7L zb#?!(L@Qzg0A}K1*5txQ<4u+K=)|5ScN0=7VO383raI2nwLkcYjaJhQU zw+-=n96I$x(}&tiK!WB}bh!osw^9SUHTtTw84m{@{g+zS1w>CG<7<_(Bm;Y39TUJb z(kS-i$p35a%EO`F-Z;{=lqDrs%2F69{A6U8++-(B8rz_Sh?!^_`>sJ$xI&CA8q3&n zHDs*mW(}3h*kdrV4Ka*u_H{B@q^oHOTp&Uw%0eb0M7=e!T&-)_Ds z?dZ{c2f~x3#J>j$Rf2>j~44(IM~t;Auw8o+*ps8lHQ^ zI?EHF@fCfUW4%(dtd=l?2oB-B4^&+*yxap;#n$8Kcid9hyqlUJk}`Q_XGYR;`td|$ z{oF?U6uav1G^S4kMO=(x3;A#%v*Z3@9* zAccNc$WL$KLsO!z`BGO`wTUfeW6&Y4);*Jccya43 z)Y9`ypudcqK-xUE6*zi(m(ucRda1`m+PUN2pZw605L+CZkZ13+A$v=M(;q90SA8X% z3YHzq1bkb3JY)$Ei})0vIr$r%3&%Sy-TU=H3drKvjRRt_GD+YIIkWfGoy4;fPdRH{ z%FNYXC3y~}&aeNTqYWnxAF_yZ4;~ccN?5zmDJTh^C^g$HcCz{WVvRZmDs?jmvsPIE zh1#Wib&QX`#M7)v)qma#i9G*4!+ejDo%QVP(C1etuaP9J$Tf*knu2hEvq2l5RMGPR zcfH4w^viq_!0Gu%^Tc00CpGUD=ZqZ=D$>7d2ch3rWSpJNWP7yV(tI^%a@T;%tj33u z!oczm+_JQQW~YlY(&$zw=CWAWVoDy@hQARm{GdwcV+X2mylLss(N`}b#OK3gt`B9Z zUP)RNEV4CY6pnNiCCKZFwaXjgLk0ZR8@6bpN}@)QSBATjH;CbWT_&-?8NJ@E19&~x zoBh>UO7|BS*^2eojhB+Nd$3kMw=@LepV)@}Vtc*$M$A4|8^Pu#QE1o$K5rUB>bmlU zYk_tWwTp_E5l4?{>@sW&980I)A15dzT%>UbJ}g8v`_pMQQ^~04Rv%A&{@evvx%Qj< zfoHBQcSQIs8Aw5Ji(Wy|_AG{v z-E^6zmQYKno+WT>x2Rn#Hd46UYM0NbFlbfE4ZTT4T%{=dvb~QzK0hS%(aGrwW8$GJ@ zvUTPd!0~#_e@fZ7&fLNYT_Pj7s8*E@3s@P;3nv2Sp)9umBTDF$SA;Wy)bbQ4+fA*Y z3yWy0ki7A+p1@`hMiR_Pzru57-Hj;WF-2^%_4>TKvlN>8)L=BFw4+36&@0QJhc?qk zDk7{(&lXxsh2l7001+HwF|kaE24CcSfq$ST zd|z+jdhX18vj||i0XV_L%noGpT9k7%?eVBu=(no&!ycz)p9{qw_fKCnN?x!T&W}op zQav_At&Kt{Gv@FU32rh|?7{Mghqt?URwy@ZbuSbw22!R$whB7gv9YL+pyI_}=&x<> z9PW8C4ii}Wq=9bNsgpUE8%A#pg&=QBcGlGPlMpp4lu=4mEq{yW^4u{0!&rJ@m0OfP zUyvMO?x^qj=f)_NejuJNdHl4-)Jdf$6{Yr(kc)L)Ho2VP{j<*k_$i_fI^yV9b+Kq= za)cL>=mQ7bCPr5tbtsSQopnz!_iEvRl~P`60QYr`#ISp?$?cVY0PYwE&#iOLQw|11 ztn`~%eyFnC(?fbZ8nhUgPct_Ak4XJ^hg|i1>7mK~8)*RzCd$LCg^pMe#Xi=up@SbWD)6AgmOQ!*r_KY1g&shWq1#{i~jH_=<+r6Sy|PJPsMR^Rj*BXuuj~`BQ=i!hxT6VAx+2eRF5Lw-Zj@Or-q5LOT@lg=8{5z)2(vVuA9q^XR5qZyyveANL)op@}T?7o%&!N z1Fu)ke0tcT1>`6zC4!)cGoIY{JN}tnOF}KW8^n^FklHY7iK+!O8 zf?dK4;(m5-KPb#_z7?R-kO0aJsQ_-ykcanzD@T^prU5cgsae)}tYc>$1k~q{2%C=h zC}Q^f$=Rk{;DBQO%higdK14C^yyXJ3i>B)WG~~v?^w2hnb(*^7O1yC*RBM(`mmM0Z|`&GYd}nP8WK;u6bx()jbYbN^Jd*- zz@M5-;jyi`S|P9@vC+672?YhVqqkrnI2rVxEA^~rKz`xeN2Jg7=B~V-Jl!};wm&z( zmkIuY5#QhQSC$MJ3=Tb|cm7Tn_hyjy$OMFU^}@#-;mdh$Rf_)pqjVYOHu*D@ zI)$16-a*I%?lj?Mshb z@eeQmfE0fEkq{FQzR4?lsW{mak>#>Inq93&_J&2zG1cAql^id zjVrrN)fSPiDDc&tZSH=H&Xqmgd;;;B)?*Sg;W`D!yO-p+A7+)-(L$b*^IF?)O-;k| zmr_)V+a))W;uF21U^Y^y_g24Yg()gf{ad{CJLXZZCLLM}&rTgA-su!3wxCTekKXmu zx9u`)FfHS6Z}k}qK@&4778+2fxGDq&K~(sdXSp`&q~b}nap`?NL2p0K4QvE1FYNl> zn*)*=4Z{GnWF*tLtF#Q>cTlmzci2XS<$Hl2d(JBrRyRM^3SXs71mHS7W_o+*ZOtsq z<&SfMu6N1AI$k%Ny{wO4*joJ;K6?DQNOqptLQJ;ee(p z0A57HLo7IufMO8yiwyf(YpBv#G~&g_nc9&2@PGXyz}XO8M>ntPO4X`kP&J}$ z%RXi_Bn_~eWnhF4mx23T2VsJVEPpAtZC~;w89XZx48$zAwzN#bJG~?O3Y=D{fv~@j z=OX@q8vkCInf*}=6AOZ47y|y*_D_2KS6h#P!bYK}A6C#0a<;9ugg8K)(Oy2l^|Pk8 z&y%QRP>@ik{ojJVJ@X$eXmN0e4khqv>iqVPjDH>F2%vBS*y1Ns@MDz=+AQoZB<`BN z+t!VrC$9p9cZT_^YT6m*ZNj)C&D+*|@D6Bv*E3A4JD{;mf$f0C4rpvcifzgN4K(0k zn;<487U Date: Mon, 1 Mar 2021 16:07:01 -0500 Subject: [PATCH 10/12] PR fixes --- .../alerting/action-types/pagerduty.asciidoc | 140 ++++++------------ 1 file changed, 48 insertions(+), 92 deletions(-) diff --git a/docs/user/alerting/action-types/pagerduty.asciidoc b/docs/user/alerting/action-types/pagerduty.asciidoc index 7df86f6902b82..f74b5773b3719 100644 --- a/docs/user/alerting/action-types/pagerduty.asciidoc +++ b/docs/user/alerting/action-types/pagerduty.asciidoc @@ -7,46 +7,66 @@ The PagerDuty action type uses the https://v2.developer.pagerduty.com/docs/events-api-v2[v2 Events API] to trigger, acknowledge, and resolve PagerDuty alerts. -* <> -* <> -* <> - [float] -[[pagerduty-benefits]] -==== PagerDuty + Elastic integration benefits +[[pagerduty-connector-configuration]] +==== Connector configuration -By integrating PagerDuty with alerts, you can: +PagerDuty connectors have the following configuration properties. -* Route your alerts to the right PagerDuty responder within your team, based on your structure, escalation policies, and workflows. -* Automatically generate incidents of different types and severity based on each alert’s context. -* Tailor the incident data to match your needs by easily passing the alerting context from Kibana to PagerDuty. +Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. +API URL:: An optional PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. If you are using the <> setting, make sure the hostname is added to the allowed hosts. +Integration Key:: A 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key. [float] -[[pagerduty-how-it-works]] -===== How it works +[[Preconfigured-pagerduty-configuration]] +==== Preconfigured action type -{kib} allows you to create alerts to notify you of a significant move -in your dataset. -You can create alerts for all your Observability, Security, and Elastic Stack use cases. -Alerts will trigger a new incident on the corresponding PagerDuty service. +[source,text] +-- + my-pagerduty: + name: preconfigured-pagerduty-action-type + actionTypeId: .pagerduty + config: + apiUrl: https://test.host + secrets: + routingKey: testroutingkey +-- + +Config defines information for the action type. + +`apiURL`:: A URL string that corresponds to *API URL*. + +Secrets defines sensitive information for the action type. + +`routingKey`:: A string that corresponds to *Integration Key*. [float] -===== Requirements +[[pagerduty-action-configuration]] +==== Action configuration -In the `kibana.yml` configuration file, you must add the <>. -This is required to encrypt parameters that must be secured, for example PagerDuty’s integration key. +PagerDuty actions have the following properties. -If you have security enabled: +Severity:: The perceived severity of on the affected system. This can be one of `Critical`, `Error`, `Warning` or `Info`(default). +Event action:: One of `Trigger` (default), `Resolve`, or `Acknowledge`. See https://v2.developer.pagerduty.com/docs/events-api-v2#event-action[event action] for more details. +Dedup Key:: All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. This value is *optional*, and if not set, defaults to `:`. The maximum length is *255* characters. See https://v2.developer.pagerduty.com/docs/events-api-v2#alert-de-duplication[alert deduplication] for details. +Timestamp:: An *optional* https://v2.developer.pagerduty.com/v2/docs/types#datetime[ISO-8601 format date-time], indicating the time the event was detected or generated. +Component:: An *optional* value indicating the component of the source machine that is responsible for the event, for example `mysql` or `eth0`. +Group:: An *optional* value indicating the logical grouping of components of a service, for example `app-stack`. +Source:: An *optional* value indicating the affected system, preferably a hostname or fully qualified domain name. Defaults to the {kib} saved object id of the action. +Summary:: An *optional* text summary of the event, defaults to `No summary provided`. The maximum length is 1024 characters. +Class:: An *optional* value indicating the class/type of the event, for example `ping failure` or `cpu load`. -* You must have -application privileges to access Metrics, APM, Uptime, or Security. -* If you are using a self-managed deployment with security, you must have -Transport Security Layer (TLS) enabled for communication <>. -Alerts uses API keys to secure background alert checks and actions, -and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface]. +For more details on these properties, see https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[PagerDuty v2 event parameters]. -Although not a requirement, to harden the integrations security you might want to -review the <> that are available to you. +[float] +[[pagerduty-benefits]] +==== Configure PagerDuty + +By integrating PagerDuty with alerts, you can: + +* Route your alerts to the right PagerDuty responder within your team, based on your structure, escalation policies, and workflows. +* Automatically generate incidents of different types and severity based on each alert’s context. +* Tailor the incident data to match your needs by easily passing the alerting context from Kibana to PagerDuty. [float] [[pagerduty-support]] @@ -114,67 +134,3 @@ To see the available context variables, click on the *Add alert variable* icon n to each corresponding field. For more details on these parameters, see the <> and the PagerDuty https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[API v2 documentation]. - - -[float] -[[pagerduty-uninstall]] -===== How to uninstall -To remove a PagerDuty connector from an alert, simply remove it -from the *Actions* section of that alert, using the remove (x) icon. -This will disable the integration for the particular alert. - -To delete the connector entirely, open the main menu, then click *Stack Management > Alerts and Actions*. -Select the *Connectors* tab, and then click on the delete icon. -This is an irreversible action and impacts all alerts that use this connector. - - -[float] -[[pagerduty-connector-configuration]] -==== Connector configuration - -PagerDuty connectors have the following configuration properties. - -Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action. -API URL:: An optional PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. If you are using the <> setting, make sure the hostname is added to the allowed hosts. -Integration Key:: A 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key. - -[float] -[[Preconfigured-pagerduty-configuration]] -==== Preconfigured action type - -[source,text] --- - my-pagerduty: - name: preconfigured-pagerduty-action-type - actionTypeId: .pagerduty - config: - apiUrl: https://test.host - secrets: - routingKey: testroutingkey --- - -Config defines information for the action type. - -`apiURL`:: A URL string that corresponds to *API URL*. - -Secrets defines sensitive information for the action type. - -`routingKey`:: A string that corresponds to *Integration Key*. - -[float] -[[pagerduty-action-configuration]] -==== Action configuration - -PagerDuty actions have the following properties. - -Severity:: The perceived severity of on the affected system. This can be one of `Critical`, `Error`, `Warning` or `Info`(default). -Event action:: One of `Trigger` (default), `Resolve`, or `Acknowledge`. See https://v2.developer.pagerduty.com/docs/events-api-v2#event-action[event action] for more details. -Dedup Key:: All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. This value is *optional*, and if not set, defaults to `:`. The maximum length is *255* characters. See https://v2.developer.pagerduty.com/docs/events-api-v2#alert-de-duplication[alert deduplication] for details. -Timestamp:: An *optional* https://v2.developer.pagerduty.com/v2/docs/types#datetime[ISO-8601 format date-time], indicating the time the event was detected or generated. -Component:: An *optional* value indicating the component of the source machine that is responsible for the event, for example `mysql` or `eth0`. -Group:: An *optional* value indicating the logical grouping of components of a service, for example `app-stack`. -Source:: An *optional* value indicating the affected system, preferably a hostname or fully qualified domain name. Defaults to the {kib} saved object id of the action. -Summary:: An *optional* text summary of the event, defaults to `No summary provided`. The maximum length is 1024 characters. -Class:: An *optional* value indicating the class/type of the event, for example `ping failure` or `cpu load`. - -For more details on these properties, see https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[PagerDuty v2 event parameters]. From a0874ea5aad319aeecdf789ff5f12561e1517f1b Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Tue, 2 Mar 2021 15:16:18 -0500 Subject: [PATCH 11/12] PR fixes --- docs/alert-type-template.asciidoc | 16 ++----- docs/user/alerting/defining-alerts.asciidoc | 2 +- .../alerting/stack-alerts/es-query.asciidoc | 19 +++----- .../stack-alerts/index-threshold.asciidoc | 47 +++++++++---------- x-pack/plugins/actions/README.md | 2 +- 5 files changed, 35 insertions(+), 51 deletions(-) diff --git a/docs/alert-type-template.asciidoc b/docs/alert-type-template.asciidoc index 9511e469c988b..a64db4ffd8be4 100644 --- a/docs/alert-type-template.asciidoc +++ b/docs/alert-type-template.asciidoc @@ -8,16 +8,10 @@ Include a short description of the alert type. Fill in the <>, then select **. -//// -Optional, include a screenshot -[role="screenshot"] -image::user/alerting/images/alert-types--select.png[Choose an alert type] -//// - [float] -==== Conditions +==== Define the conditions -Include all of the conditions for this alert type and a short description of each. +Define the following properties to detect the condition. //// Optional, include a screenshot @@ -29,15 +23,13 @@ Condition1:: This is a condition the user must define. Condition2:: This is another condition the user must define. [float] -==== Action variables +==== Add action variables -When the alert condition is met, the following variables are available to each action, in addition to the <>: +<> to run when the alert condition is met. The following variables are specific to the alert. You can also specify <>. `context.variableA`:: A short description of the context variable defined by the alert type. `context.variableB`:: A short description of the context variable defined by the alert type with an example. Example: `this is what variableB outputs`. -<> to the alert to use these variables. - //// Optional, include a step-by-step example for creating this alert [float] diff --git a/docs/user/alerting/defining-alerts.asciidoc b/docs/user/alerting/defining-alerts.asciidoc index 6248295b35b20..27f3a6c7309cb 100644 --- a/docs/user/alerting/defining-alerts.asciidoc +++ b/docs/user/alerting/defining-alerts.asciidoc @@ -19,7 +19,7 @@ image::images/alert-flyout-sections.png[The three sections of an alert definitio [[defining-alerts-general-details]] === General alert details -All alerts share the following four properties in common: +All alerts share the following four properties. [role="screenshot"] image::images/alert-flyout-general-details.png[alt='All alerts have name, tags, check every, and notify properties in common'] diff --git a/docs/user/alerting/stack-alerts/es-query.asciidoc b/docs/user/alerting/stack-alerts/es-query.asciidoc index 2b65ff85eae44..46dec7c654db9 100644 --- a/docs/user/alerting/stack-alerts/es-query.asciidoc +++ b/docs/user/alerting/stack-alerts/es-query.asciidoc @@ -2,21 +2,17 @@ [[alert-type-es-query]] === ES query -The ES query alert type is designed to run a user-configured {es} query over indices, compare the number of matches to a configured threshold, and schedule -actions to run when the threshold condition is met. +The ES query alert type runs a user-configured {es} query, compares the number of matches to a configured threshold, and schedules actions to run when the threshold condition is met. [float] ==== Create the alert Fill in the <>, then select *ES query*. -[role="screenshot"] -image::user/alerting/images/alert-types-es-query-select.png[Choose an ES query alert type] - [float] -==== Conditions +==== Define the conditions -The ES query alert has 5 clauses that define the condition to detect. +Define the following properties to detect the condition. [role="screenshot"] image::user/alerting/images/alert-types-es-query-conditions.png[Five clauses define the condition to detect] @@ -29,9 +25,9 @@ Threshold:: This clause defines a threshold value and a comparison operator (`i Time window:: This clause determines how far back to search for documents, using the *time field* set in the *index* clause. Generally this value should be set to a value higher than the *check every* value in the <>, to avoid gaps in detection. [float] -==== Action variables +==== Add action variables -When the ES query alert condition is met, the following variables are available to each action, in addition to the <>: +<> to run when the alert condition is met. The following variables are specific to the ES query alert. You can also specify <>. `context.title`:: A preconstructed title for the alert. Example: `alert term match alert query matched`. `context.message`:: A preconstructed message for the alert. Example: + @@ -49,20 +45,19 @@ When the ES query alert condition is met, the following variables are available [role="screenshot"] image::images/alert-types-es-query-example-action-variable.png[Iterate over hits using Mustache template syntax] -<> to the alert to use these variables. [float] ==== Test your query Use the *Test query* feature to verify that your query DSL is valid. -When your query is valid:: Valid queries will be executed against the configured *index* using the configured *time window*. The number of documents that +* Valid queries are executed against the configured *index* using the configured *time window*. The number of documents that match the query will be displayed. + [role="screenshot"] image::user/alerting/images/alert-types-es-query-valid.png[Test ES query returns number of matches when valid] -When your query is invalid:: An error message is shown if the query is invalid. +* An error message is shown if the query is invalid. + [role="screenshot"] image::user/alerting/images/alert-types-es-query-invalid.png[Test ES query shows error when invalid] \ No newline at end of file diff --git a/docs/user/alerting/stack-alerts/index-threshold.asciidoc b/docs/user/alerting/stack-alerts/index-threshold.asciidoc index e651d2ccd89ac..4080eab726521 100644 --- a/docs/user/alerting/stack-alerts/index-threshold.asciidoc +++ b/docs/user/alerting/stack-alerts/index-threshold.asciidoc @@ -2,20 +2,17 @@ [[alert-type-index-threshold]] === Index threshold -The index threshold alert type is designed to run an {es} query over indices, aggregating field values from documents, comparing them to threshold values, and scheduling actions to run when the thresholds are met. +The index threshold alert type runs an {es} query. It aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. [float] ==== Create the alert Fill in the <>, then select *Index Threshold*. -[role="screenshot"] -image::user/alerting/images/alert-types-index-threshold-select.png[Choose an index threshold alert type] - [float] -==== Conditions +==== Define the conditions -The index threshold has 5 clauses that define the condition to detect. +Define the following properties to detect the condition. [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-conditions.png[Five clauses define the condition to detect] @@ -32,9 +29,9 @@ If data is available and all clauses have been defined, a preview chart will ren image::user/alerting/images/alert-types-index-threshold-preview.png[Five clauses define the condition to detect] [float] -==== Action variables +==== Add action variables -When the index threshold alert condition is met, the following variables are available to each action, in addition to the <>: +<> to run when the alert condition is met. The following variables are specific to the index threshold alert. You can also specify <>. `context.title`:: A preconstructed title for the alert. Example: `alert kibana sites - high egress met threshold`. `context.message`:: A preconstructed message for the alert. Example: + @@ -48,46 +45,46 @@ When the index threshold alert condition is met, the following variables are ava `context.value`:: The value for the alert that met the threshold condition. `context.conditions`:: A description of the threshold condition. Example: `count greater than 4` -<> to the alert to use these variables. - [float] ==== Example -In this section, you will use the {kib} <> to setup and tune the conditions on an index threshold alert. For this example, we want to detect when any of our top three sites have served more than 420,000 bytes over a 24 hour period. +In this example, you will use the {kib} <> to set up and tune the conditions on an index threshold alert. For this example, you want to detect when any of the top four sites serve more than 420,000 bytes over a 24 hour period. + +. Open the main menu, then click **Stack Management > Alerts and Actions**. -. From the <>, create a new alert and fill in the <>. This alert will be checked every 4 hours, and will only execute actions when the alert status changes. Choose the index threshold alert type. +. Create a new alert that is checked every four hours and executes actions when the alert status changes. + +. Select the **Index threshold** alert type. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-select.png[Choosing an index threshold alert type] -. Click on each clause to open a control that helps you set the value: -+ -Index clause:: The index clause control will list and allow you to search for available indices. Choose *kibana_sample_data_logs* +. Click *Index*, and set *Indices to query* to *kibana_sample_data_logs*. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-index.png[Choosing an index] -+ -Once an index is selected, the list of time fields for that index will be available to select. Choose *@timestamp*. + +. Set the *Time field* to *@timestamp*. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-timefield.png[Choosing a time field] -+ -When clause:: We want to detect the number of bytes served during the time window, so we select `sum` as the aggregation, and `bytes` as the field to aggregate. + +. To detect the number of bytes served during the time window, click *When* and select `sum` as the aggregation, and bytes as the field to aggregate. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-aggregation.png[Choosing the aggregation] -+ -Over/Grouped over clause:: We want to alert on the three sites that have the most traffic, so we'll group the sum of bytes by the `host.keyword` field and take the top 3 values. + +. To detect the four sites that have the most traffic, click *Over* and select `top`, enter `4`, and select `host.keyword` as the field. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-grouping.png[Choosing the groups] -+ -Threshold clause:: We want to alert when any site exceeds 420,000 bytes over a 24 hour period, so we'll set the threshold to 420,000 and use the `is above` comparison. + +. To alert when any of the top four sites exceeds 420,000 bytes over a 24 hour period, select `is above` and enter `420000`. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-threshold.png[Setting the threshold] -+ -Time window clause:: Finally, set the time window to 24 hours to complete the alert configuration. + +. Finally, click *For the last*, enter `24` and select `hours` to complete the alert configuration. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-window.png[Setting the time window] diff --git a/x-pack/plugins/actions/README.md b/x-pack/plugins/actions/README.md index c814de0e23567..3ec8545017ca1 100644 --- a/x-pack/plugins/actions/README.md +++ b/x-pack/plugins/actions/README.md @@ -434,7 +434,7 @@ Actions that take URLs or hostnames should check that those values are allowed. ## documentation -You should create asciidoc for the new action type. Add an entry to the action type index - [`docs/user/alerting/action-types.asciidoc`](../../../docs/user/alerting/action-types.asciidoc) which points to a new document for the action type that should be in the directory [`docs/user/alerting/action-types`](../../../docs/user/alerting/action-types). +You should create asciidoc for the new action type. Add an entry to the action type index - [`docs/user/alerting/action-types.asciidoc`](../../../docs/user/alerting/action-types.asciidoc), which points to a new document for the action type that should be in the directory [`docs/user/alerting/action-types`](../../../docs/user/alerting/action-types). We suggest following the template provided in `docs/action-type-template.asciidoc`. The [Email action type](https://www.elastic.co/guide/en/kibana/master/email-action-type.html) is an example of documentation created following the template. From 630f32b17a6a13e248790ccd5a27eb72cc5ef7ba Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Tue, 2 Mar 2021 15:56:50 -0500 Subject: [PATCH 12/12] PR fixes --- docs/alert-type-template.asciidoc | 2 +- docs/user/alerting/stack-alerts/es-query.asciidoc | 2 +- .../alerting/stack-alerts/index-threshold.asciidoc | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/alert-type-template.asciidoc b/docs/alert-type-template.asciidoc index a64db4ffd8be4..292ed00d05496 100644 --- a/docs/alert-type-template.asciidoc +++ b/docs/alert-type-template.asciidoc @@ -11,7 +11,7 @@ Fill in the <>, then select *>, then select *ES [float] ==== Define the conditions -Define the following properties to detect the condition. +Define properties to detect the condition. [role="screenshot"] image::user/alerting/images/alert-types-es-query-conditions.png[Five clauses define the condition to detect] diff --git a/docs/user/alerting/stack-alerts/index-threshold.asciidoc b/docs/user/alerting/stack-alerts/index-threshold.asciidoc index 4080eab726521..89ca8e3087f12 100644 --- a/docs/user/alerting/stack-alerts/index-threshold.asciidoc +++ b/docs/user/alerting/stack-alerts/index-threshold.asciidoc @@ -12,7 +12,7 @@ Fill in the <>, then select *Ind [float] ==== Define the conditions -Define the following properties to detect the condition. +Define properties to detect the condition. [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-conditions.png[Five clauses define the condition to detect] @@ -53,12 +53,12 @@ In this example, you will use the {kib} < Alerts and Actions**. . Create a new alert that is checked every four hours and executes actions when the alert status changes. - -. Select the **Index threshold** alert type. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-select.png[Choosing an index threshold alert type] +. Select the **Index threshold** alert type. + . Click *Index*, and set *Indices to query* to *kibana_sample_data_logs*. + [role="screenshot"] @@ -93,8 +93,8 @@ image::user/alerting/images/alert-types-index-threshold-example-window.png[Setti + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-preview.png[Setting the time window] -+ -Comparing time windows:: You can interactively change the time window and observe the effect it has on the chart. Compare a 24 window to a 12 hour window. Notice the variability in the sum of bytes, due to different traffic levels during the day compared to at night. This variability would result in noisy alerts, so the 24 hour window is better. The preview chart can help you find the right values for your alert. + +. Change the time window and observe the effect it has on the chart. Compare a 24 window to a 12 hour window. Notice the variability in the sum of bytes, due to different traffic levels during the day compared to at night. This variability would result in noisy alerts, so the 24 hour window is better. The preview chart can help you find the right values for your alert. + [role="screenshot"] image::user/alerting/images/alert-types-index-threshold-example-comparison.png[Comparing two time windows] \ No newline at end of file