Alerts and MQTT Broker Integration
  • 30 Apr 2024
  • 2 Minutes to read
  • Contributors
  • PDF

Alerts and MQTT Broker Integration

  • PDF

Article summary

Skylight may not offer a solution out of the box to close every loop. Consider integrating with out Alert message bus and creating your own feedback system.

Skylight Alerts

Skylight alerts are generated on threshold breach events, and pushed to supporting clients via a publicly accessible message broker in MQTT format.

More on Skylight Alerts here.

Sound too complicated?

Consider leveraging either our out of the box SNMP alerting functionality or a custom integration through Cisco services using our collaboration with a popular Integration Platform as a Service (IPaaS).


Getting Started

To get started, grab your favorite MQTT client to explore what our alerts look like. We've got lots of experience with an open source tool called MQTT Explorer


Authenticating

You'll Need a Token

To subscribe to the message broker, you're going to need a JWT. Check out this article on creating one:

Your payload should look something like this, but ensure you've included the mqtt permission:

{
    "data": {
        "type": "tokens",
        "attributes": {
            "iss": "<your company>",
            "sub": "<your email>",
            "aud": "<your company>",
            "exp": <epoch time of expiry>,
            "permissions":["mqtt"]
        }
    }
}

And You'll Need to Know Your Tenant Identifier

Sorry... one more API to grab the identifier of your Skylight tenant.

GET {{baseUrl}}/v2/tenant-by-alias/<tenant name>

where {{baseUrl}} is most likely https://<tenant name>.analytics.accedian.io/api

This API will return your tenant Id that you'll need in conjunction with a JWT to connect to the MQTT broker.


Subscribing to the broker

Here is an example of the connection settings:

MQTTExplorer.png

  • Protocol: websocket
  • Host: tenant-name.analytics.accedian.io
  • Port: 443
  • Path: mqtt
  • Username: tenant id, JWT
  • Password: JWT
  • Encryption: TLS

Exploring Alert Data

Leverage your MQTT client to examine the alert payloads:

MQTTBroker_Alert.png

Example Session Alert

{
    "alertState": "raised",
    "baseline": 0,
    "direction": 1,
    "dstLat": -33.9249,
    "dstLon": 18.4241,
    "duration": 60000,
    "metadata": {
        "customer_id": "etmartel",
        "demo": "test-the-internet",
        "destination_location": "south africa",
        "source_location": "montreal"
    },
    "metric": "packetsLostPct",
    "mitreTactics": null,
    "objectId": "28a495ca-1531-4f5c-90d4-3e887f769d09",
    "objectName": "aws-af-south-1",
    "objectType": "twamp-sf",
    "policyId": "f736fbaf-6a4d-4b2b-86cc-5ae741bdaff1",
    "policyName": "CR_R2P_PacketLoss",
    "policyType": "micro-tca",
    "processedTimestamp": 1714443043664,
    "source": "skylight-spark",
    "srcLat": 45.5019,
    "srcLon": -73.5674,
    "startTimestamp": 1714442880000,
    "tenantId": "a56b15ca-26d7-44b4-b228-5bc83b418b7b",
    "tenantName": "playground",
    "timestamp": 1714442880000,
    "topology": null,
    "triggeredValue": 1.39,
    "uid": "f123b0d8-90d2-429f-81e6-ad7b0e475468",
    "value": 0.1
}

Note: Session alerts contain the session metadata as well!

Example Capture Alert

{
    "alertState": "raised",
    "captureApplicationId": 246,
    "captureLayer": "http",
    "captureMetaCertainty": 1,
    "captureMetaCertainty_percent": 100,
    "captureMetaDate_start": 1714443180,
    "captureMetaDate_stop": 1714443240,
    "captureMetaDesc": "hit.rt went above the configured threshold (1.).\n",
    "captureMetaFiring": true,
    "captureMetaFirst_sent": 1714443463.82,
    "captureMetaHostname": "d5eecb4f24a3",
    "captureMetaLast_sent": 1714443463.82,
    "captureMetaName": "5d339460-cf63-4b2b-9edb-1cd5823ed518 on hit.rt (configurator/static/sniffer/pvql/http#_/directed) triggered for 'application.id':246",
    "captureMetaNow": 1714443463.82,
    "captureMetaSite": "d5eecb4f24a3",
    "captureMetaStart": 1714443180,
    "captureMetaStop": 1714443240,
    "captureMetaThresholds": 1,
    "captureMetaValues": "0.004954,1.61972223256",
    "captureMetaWorker": "configurator/dynamic/5d339460-cf63-4b2b-9edb-1cd5823ed518/alert",
    "duration": 60000,
    "metric": "hit.rt",
    "mitreTactics": null,
    "objectId": "hit.rt",
    "policyId": "5d339460-cf63-4b2b-9edb-1cd5823ed518",
    "policyType": "capture",
    "processedTimestamp": 1714443463820,
    "source": "ramen",
    "startTimestamp": 1714443463820,
    "tenantId": "a56b15ca-26d7-44b4-b228-5bc83b418b7b",
    "tenantName": "playground",
    "timeInViolation": 283819,
    "timestamp": 1714443180000,
    "topology": null,
    "uid": "1655f960-cedc-475f-8c14-df4105be4632"
}

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.