Merge pull request #6 from flashcatcloud/mapping

ysyneu · web-flow · commit b59f22306a57 · 2026-02-05T11:43:52.000+08:00
feat: add enrich mapping api
diff --git a/en/on-call/integration/alert-integration/label-enhancement.mdx b/en/on-call/integration/alert-integration/label-enhancement.mdx
@@ -1,6 +1,7 @@
 ---
 title: "Label Enhancement"
-description: "Label enhancement automatically generates new labels during alert ingestion to supplement source data. Examples: extract IP from description, map resource ID to readable name, combine multiple fields to generate jump links"
+description: "Label enhancement automatically generates new labels during alert ingestion to supplement source data. Examples: extract IP from description, map resource ID to readable name, combine multiple fields to generate jump links, query external systems via API for dynamic data"
+keywords: ["label enhancement", "auto labels", "data extraction", "field mapping", "alert labels", "API mapping", "dynamic labels"]
 ---
 {/*
 ## Video Introduction
@@ -104,7 +105,18 @@ Multiple rules execute sequentially from top to bottom. When a rule doesn't matc
 </Tab>
 
 <Tab title="Label Mapping">
-**Scenario**: When source alert label values are variable and not intuitively meaningful, use mapping to map source labels to newly defined labels and values. For example, source alerts only have resource type IDs, but want to show corresponding resource type names.
+**Scenario**: When source alert label values are variable and not intuitively meaningful, use mapping to map source labels to newly defined labels and values.
+
+Label mapping supports two mapping methods:
+
+| Mapping Type | Description | Use Case |
+| :--- | :--- | :--- |
+| **Schema (Mapping Table)** | Static mapping via predefined CSV mapping table | Mapping relationships are relatively fixed with limited data |
+| **API (API Mapping)** | Dynamic mapping by calling external API service | Need to query external systems (e.g., mapping api) for real-time data |
+
+<Tabs>
+<Tab title="Schema Mapping">
+**Example**: Source alerts only have resource type IDs, want to show corresponding resource type names.
 
 <Steps>
 <Step title="Prepare Mapping Table File">
@@ -152,7 +164,46 @@ Prepare a CSV format mapping table file to map resource type IDs in alerts to ac
 </Step>
 </Steps>
 </Tab>
+
+<Tab title="API Mapping">
+**Example**: Need to query responsible team, service tier, and other dynamic data from mapping api system based on host information in alerts.
+
+<Steps>
+<Step title="Create Mapping Service">
+1. Go to `Integration Center` → `Mapping Service` → `Create Mapping Service`
+2. Fill in service configuration:
+
+| Configuration | Description | Example |
+| :--- | :--- | :--- |
+| Service Name | Readable name for the service | Mapping api Asset Query Service |
+| Description | Service purpose description | Query asset info by host IP |
+| Request URL | API request address | `https://mapping-api.example.com/v1/enrich-event` |
+| Headers | HTTP request header configuration | `X-Auth-Token: your-token` |
+| Timeout | Request timeout in seconds | 5 |
+| Retry Count | Number of retries after failure | 2 |
+
+<Tip>
+If the API uses HTTPS with an untrusted certificate, you can enable the `Skip Certificate Verification` option.
+</Tip>
+</Step>
+
+<Step title="Configure Mapping Rule">
+Add a mapping rule in label enhancement, select mapping type as `API`:
+1. Select the created mapping service
+2. Configure `Result Label List`: specify label names expected from API response, e.g., `owner_team`, `service_tier`, `host_ip`
+3. Enable `Override` option as needed
+</Step>
+
+<Step title="Verify Mapping Result">
+When an alert is triggered, Flashduty automatically calls the configured API service, sends alert event data to the external system, and adds the returned labels to the alert.
+</Step>
+</Steps>
+</Tab>
 </Tabs>
+</Tab>
+</Tabs>
+
+## Mapping Data Management
 
 ### Mapping Table Data Management
 
@@ -171,9 +222,96 @@ In the mapping table details page, you can manage mapping table data:
 </Frame>
 
 <Tip>
-For frequently changing mapping relationships (like CMDB data sync), we recommend using [Flashduty API](https://developer.flashcat.cloud/api-142429470) for automated updates.
+For frequently changing mapping relationships (like Mapping api data sync), we recommend using API mapping, or use [Flashduty API](https://developer.flashcat.cloud/api-142429470) for automated mapping table updates.
 </Tip>
 
+### Mapping Service API Specification
+
+When using API mapping, your external API service must follow these specifications:
+
+#### Request Specification
+
+Flashduty will call your API via `POST` method with the following request body:
+
+```json
+{
+  "result_label_keys": ["owner_team", "service_tier", "host_ip"],
+  "event": {
+    "account_id": 1,
+    "channel_id": 20,
+    "data_source_id": 15,
+    "data_source_type": "prometheus",
+    "description": "CPU usage for instance '10.0.1.1:9100' is over 95%",
+    "title": "High CPU Usage on instance 10.0.1.1:9100",
+    "alert_key": "d41d8cd98f00b204e9800998ecf8427e",
+    "alert_id": "62d6c0f6b8f1b2b3c4d5e6f7",
+    "event_severity": "Critical",
+    "event_status": "Critical",
+    "event_time": 1678886400,
+    "labels": {
+      "region": "us-east-1",
+      "service": "service-A",
+      "env": "production",
+      "instance": "10.0.1.1:9100"
+    }
+  }
+}
+```
+
+| Field | Type | Description |
+| :--- | :--- | :--- |
+| `result_label_keys` | array[string] | List of expected label names to return, configured by user in the rule |
+| `event` | object | Complete information of the current alert event |
+
+#### Response Specification
+
+The API must return a JSON response in the following format:
+
+**Success Response** (HTTP 200):
+
+```json
+{
+  "result_labels": {
+    "owner_team": "team-database",
+    "service_tier": "tier-1",
+    "host_ip": "10.0.1.1"
+  }
+}
+```
+
+| Response Code | Description |
+| :--- | :--- |
+| `200 OK` | Success, returns `result_labels` object |
+| `404 Not Found` | No matching data found |
+| `400 Bad Request` | Invalid request format |
+| `5xx` | Internal server error |
+
+<Note>
+If a requested label cannot find a corresponding value, the API **should not** include that key in `result_labels`.
+</Note>
+
+#### Security Constraints
+
+For security purposes, the following HTTP Headers are prohibited in mapping services:
+
+| Category | Prohibited Headers |
+| :--- | :--- |
+| Authentication | `authorization`, `proxy-authorization`, `cookie`, `x-api-key`, `x-access-token` |
+| IP Spoofing | `x-forwarded-for`, `x-real-ip`, `true-client-ip`, `x-client-ip` |
+| Host & Routing | `host`, `x-forwarded-host`, `x-forwarded-proto`, `x-internal-id`, `x-user-id` |
+| Protocol Related | `transfer-encoding`, `upgrade`, `connection` |
+
+<Tip>
+We recommend using custom Headers with `X-Custom-` or `X-Enrich-` prefix for authentication.
+</Tip>
+
+#### Best Practices
+
+1. **Performance First**: The API is on the critical path of alert processing, must ensure low latency (recommended < 500ms)
+2. **Implement Caching**: For identical query conditions, implement caching to improve performance
+3. **Idempotent Design**: Multiple calls for the same event should return identical results
+4. **Secure Authentication**: API must be protected by authentication mechanisms to prevent unauthorized access
+
 ## Further Reading
 
 <CardGroup cols={2}>
diff --git a/zh/on-call/integration/alert-integration/label-enhancement.mdx b/zh/on-call/integration/alert-integration/label-enhancement.mdx
@@ -1,7 +1,7 @@
 ---
 title: "标签增强"
-description: "标签增强可在告警接入时自动生成新标签，弥补源数据不足。例如：从描述中提取 IP、将资源 ID 映射为可读名称、组合多个字段生成跳转链接"
-keywords: ["标签增强", "自动标签", "数据提取", "字段映射", "告警标签"]
+description: "标签增强可在告警接入时自动生成新标签，弥补源数据不足。例如：从描述中提取 IP、将资源 ID 映射为可读名称、组合多个字段生成跳转链接、通过 API 查询外部系统获取动态数据"
+keywords: ["标签增强", "自动标签", "数据提取", "字段映射", "告警标签", "API映射", "动态标签"]
 ---
 {/*
 ## 视频介绍
@@ -105,7 +105,18 @@ keywords: ["标签增强", "自动标签", "数据提取", "字段映射", "告
 </Tab>
 
 <Tab title="标签映射">
-**场景**：当源告警信息中的标签值不固定且不能直观定位其含义时，可以通过映射的方式将源标签映射为新定义的标签和值。比如源告警中只有资源类型 ID 信息，但希望将每个 ID 对应的资源类型名称也体现出来。
+**场景**：当源告警信息中的标签值不固定且不能直观定位其含义时，可以通过映射的方式将源标签映射为新定义的标签和值。
+
+标签映射支持两种映射方式：
+
+| 映射类型 | 说明 | 适用场景 |
+| :--- | :--- | :--- |
+| **Schema（映射表）** | 通过预定义的 CSV 映射表进行静态映射 | 映射关系相对固定，数据量有限 |
+| **API（接口映射）** | 通过调用外部 API 服务进行动态映射 | 需要查询外部系统（如 mapping api）获取实时数据 |
+
+<Tabs>
+<Tab title="Schema 映射">
+**示例**：源告警中只有资源类型 ID 信息，希望将每个 ID 对应的资源类型名称也体现出来。
 
 <Steps>
 <Step title="准备映射表文件">
@@ -153,7 +164,46 @@ keywords: ["标签增强", "自动标签", "数据提取", "字段映射", "告
 </Step>
 </Steps>
 </Tab>
+
+<Tab title="API 映射">
+**示例**：需要根据告警中的主机信息从 mapping api 系统查询负责团队、服务等级等动态数据。
+
+<Steps>
+<Step title="创建映射服务">
+1. 进入 `集成中心` → `映射服务` → `创建映射服务`
+2. 填写服务配置信息：
+
+| 配置项 | 说明 | 示例 |
+| :--- | :--- | :--- |
+| 服务名称 | 服务的可读名称 | Mapping api 资产查询服务 |
+| 描述 | 服务用途说明 | 根据主机 IP 查询资产信息 |
+| 请求 URL | API 的请求地址 | `https://mapping-api.example.com/v1/enrich-event` |
+| 请求头 | HTTP 请求头配置 | `X-Auth-Token: your-token` |
+| 超时时间 | 请求超时时间（秒） | 5 |
+| 重试次数 | 请求失败后的重试次数 | 2 |
+
+<Tip>
+如果 API 使用 HTTPS 且证书不受信任，可开启 `跳过证书验证` 选项。
+</Tip>
+</Step>
+
+<Step title="配置映射规则">
+在标签增强中添加映射规则，选择映射类型为 `API`：
+1. 选择已创建的映射服务
+2. 配置 `生成标签列表`：指定希望从 API 返回的标签名称，如 `owner_team`、`service_tier`、`host_ip`
+3. 根据需要开启 `覆盖` 选项
+</Step>
+
+<Step title="验证映射效果">
+当告警触发时，Flashduty 会自动调用配置的 API 服务，将告警事件数据发送给外部系统，并将返回的标签添加到告警中。
+</Step>
+</Steps>
+</Tab>
 </Tabs>
+</Tab>
+</Tabs>
+
+## 映射数据管理
 
 ### 映射表数据管理
 
@@ -172,9 +222,96 @@ keywords: ["标签增强", "自动标签", "数据提取", "字段映射", "告
 </Frame>
 
 <Tip>
-对于频繁变更的映射关系（如 CMDB 数据同步），建议使用 [Flashduty API](https://developer.flashcat.cloud/api-142429470) 进行自动化更新。
+对于频繁变更的映射关系（如 Mapping api 数据同步），建议使用 API 映射方式，或通过 [Flashduty API](https://developer.flashcat.cloud/api-142429470) 自动化更新映射表数据。
 </Tip>
 
+### 映射服务 API 规范
+
+当使用 API 映射时，您的外部 API 服务需要遵循以下规范：
+
+#### 请求规范
+
+Flashduty 将通过 `POST` 方法调用您的 API，请求体包含以下内容：
+
+```json
+{
+  "result_label_keys": ["owner_team", "service_tier", "host_ip"],
+  "event": {
+    "account_id": 1,
+    "channel_id": 20,
+    "data_source_id": 15,
+    "data_source_type": "prometheus",
+    "description": "CPU usage for instance '10.0.1.1:9100' is over 95%",
+    "title": "High CPU Usage on instance 10.0.1.1:9100",
+    "alert_key": "d41d8cd98f00b204e9800998ecf8427e",
+    "alert_id": "62d6c0f6b8f1b2b3c4d5e6f7",
+    "event_severity": "Critical",
+    "event_status": "Critical",
+    "event_time": 1678886400,
+    "labels": {
+      "region": "us-east-1",
+      "service": "service-A",
+      "env": "production",
+      "instance": "10.0.1.1:9100"
+    }
+  }
+}
+```
+
+| 字段 | 类型 | 说明 |
+| :--- | :--- | :--- |
+| `result_label_keys` | array[string] | 期望返回的标签名称列表，由用户在规则中配置 |
+| `event` | object | 当前告警事件的完整信息 |
+
+#### 响应规范
+
+API 需要返回以下格式的 JSON 响应：
+
+**成功响应** (HTTP 200)：
+
+```json
+{
+  "result_labels": {
+    "owner_team": "team-database",
+    "service_tier": "tier-1",
+    "host_ip": "10.0.1.1"
+  }
+}
+```
+
+| 响应码 | 说明 |
+| :--- | :--- |
+| `200 OK` | 成功，返回 `result_labels` 对象 |
+| `404 Not Found` | 未找到匹配数据 |
+| `400 Bad Request` | 请求格式错误 |
+| `5xx` | 服务器内部错误 |
+
+<Note>
+如果某个请求的标签无法找到对应的值，API **不应**在 `result_labels` 中包含该 key。
+</Note>
+
+#### 安全约束
+
+为确保安全性，以下 HTTP Header 被禁止在映射服务中使用：
+
+| 分类 | 禁用 Header |
+| :--- | :--- |
+| 认证与授权 | `authorization`, `proxy-authorization`, `cookie`, `x-api-key`, `x-access-token` |
+| IP 伪造 | `x-forwarded-for`, `x-real-ip`, `true-client-ip`, `x-client-ip` |
+| 主机与路由 | `host`, `x-forwarded-host`, `x-forwarded-proto`, `x-internal-id`, `x-user-id` |
+| 协议相关 | `transfer-encoding`, `upgrade`, `connection` |
+
+<Tip>
+建议使用 `X-Custom-` 或 `X-Enrich-` 前缀的自定义 Header 进行认证。
+</Tip>
+
+#### 最佳实践
+
+1. **性能优先**：API 位于告警处理的关键路径，必须保证低延迟（建议 < 1s）
+2. **实现缓存**：对于相同的查询条件，建议实现缓存以提高性能
+3. **幂等设计**：对于同一个事件，多次调用应返回相同的结果
+4. **安全认证**：API 必须通过认证机制保护，防止未授权访问
+
 ## 延伸阅读
 
 <CardGroup cols={2}>
