Variable Propagation

What are Variables?

Variables are values that can be injected in any of the custom queries that you are adding within a step. Currently we only support string type variables.

$var_name = 'error_text'

• Even if you enter the string without quotes, by default your variable will be stored within single quotes.

Using variables in a query:

To use a variable within a query write $var_name wherever you want to add the variable:

fields @timestamp, @message
| filter kubernetes.namespace_name like $var_name 
| limit 10

SELECT count(*) as total_incidents
FROM ontime
WHERE DepDelay>$var_name
ORDER BY count(*) DESC;

select * from table_name where value = $var_name

SELECT rate(count(newrelic.goldenmetrics.apm.application.throughput), 1 MINUTES) 
AS 'Throughput' 
FROM Metric 
WHERE entity.guid in ($var_name) 
LIMIT MAX TIMESERIES

Injecting Variable from Alert to PlayBook:

While creating a workflow, you can decide to inject variables from your alert trigger source to your playbook.

• Injecting from API-based trigger: Key-value pairs sent within the payload of an API are auto-forwarded to Playbooks.
• Injecting from Slack message: To create key:value pairs from your alert for your workflow, you need to define a transformer function that will run on top of your Slack message payload (JSON) and transform it into a dictionary.