Documentation for SolarWinds Incident Response

Amazon OpenSearch

Amazon OpenSearch is a distributed, open-source search and analytics suite used for a broad set of use cases like real-time application monitoring, log analytics, and website search.

Route detailed alerts from Amazon OpenSearch to the right users in Incident Response.

Amazon OpenSearch can also be integrated through Amazon CloudWatch. Please find the documentation here.

Using Amazon OpenSearch as an Alert Source

  1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

  2. Select Amazon OpenSearch. Copy the displayed Webhook URL to configure it within Amazon OpenSearch. Finish by clicking Add Alert Source -> Done.


When an alert source turns Active, it will show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

Create an Incident Response Webhook Integration in Amazon OpenSearch

  1. Log in to your Amazon OpenSearch dashboard and select Alerting.

  2. (a) Navigate to Destinations and click on Add Destination.

     (b) Put in the Name, select Custom webhook as Type and, under Settings, select Define endpoint by URL. Then paste the previously copied Incident Response Webhook URL in the placeholder for Webhook URL and click on Save.

  3. (a) Under Alerting, navigate to Monitors. Then either click on Create Monitor or edit a pre-existing monitor. Click on Add Trigger.

     (b) Put in the Action name and select the previously created Destination. Paste the payload below into the Message box and save it.

{ 
    "message" : "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue ",
    "trigger" : "Trigger: {{ctx.trigger.name}}",
    "severity" : "Severity: {{ctx.trigger.severity}}",
    "start" : "Period start: {{ctx.periodStart}}", 
    "end" : "Period end: {{ctx.periodEnd}}"
}


Custom User Defined Variables

Users can define custom variables under the Message box:

{ "custom" : { "key" : "value" , . . . , "key" : "value" } }

Replace each "key" and "value" with proper values and add the "custom" object at the end of the variables mentioned in Step 3 (b). It might look like this.

Example:

{ 
    "message" : "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue ",
    "trigger" : "Trigger: {{ctx.trigger.name}}",
    "severity" : "Severity: {{ctx.trigger.severity}}",
    "start" : "Period start: {{ctx.periodStart}}", 
    "end" : "Period end: {{ctx.periodEnd}}",
    "custom" : {
        "trigger" : "Trigger: {{ctx.trigger.name}}",
        "severity" : "Severity: {{ctx.trigger.severity}}",
        "start" : "Period start: {{ctx.periodStart}}", 
        "end" : "Period end: {{ctx.periodEnd}}"
    }
}

That's it, you are good to go!

  • Your Amazon OpenSearch integration is now complete. Whenever Amazon OpenSearch fires an alert, an incident will be created in Incident Response for it.
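A pre-flight check for the Message template before saving it in the monitor action (an added example, not part of the original documentation or of either product). It assumes placeholders are substituted as raw text without JSON escaping and treats the five keys from the payload above as expected; the sample ctx values and the helper names render and check are constructed for illustration.

```python
import json
import re

# Message template from the page, with a shortened optional "custom" object.
TEMPLATE = """{
    "message" : "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue ",
    "trigger" : "Trigger: {{ctx.trigger.name}}",
    "severity" : "Severity: {{ctx.trigger.severity}}",
    "start" : "Period start: {{ctx.periodStart}}",
    "end" : "Period end: {{ctx.periodEnd}}",
    "custom" : { "trigger" : "Trigger: {{ctx.trigger.name}}" }
}"""
# The five keys in the page's payload; treating them as required is an assumption.
EXPECTED_KEYS = {"message", "trigger", "severity", "start", "end"}
PLACEHOLDER = re.compile(r"\{\{\s*(ctx(?:\.\w+)+)\s*\}\}")
# Constructed sample context standing in for what the monitor supplies at alert time.
SAMPLE_CTX = {
    "monitor": {"name": "disk-usage"},
    "trigger": {"name": "over-90-percent", "severity": "1"},
    "periodStart": "2024-01-01T00:00:00Z",
    "periodEnd": "2024-01-01T00:01:00Z",
}

def render(template, ctx):
    """Replace each {{ctx.a.b}} with its value as raw text (no escaping: assumption)."""
    def lookup(match):
        value = {"ctx": ctx}
        for part in match.group(1).split("."):
            value = value[part]
        return str(value)
    return PLACEHOLDER.sub(lookup, template)

def check(template, ctx):
    """Return a list of problems with the rendered message; empty means it looks fine."""
    try:
        rendered = render(template, ctx)
    except (KeyError, TypeError) as exc:
        return [f"unknown placeholder field: {exc}"]
    try:
        body = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return [f"rendered message is not valid JSON: {exc.msg}"]
    if not isinstance(body, dict):
        return ["rendered message must be a JSON object"]
    problems = []
    missing = EXPECTED_KEYS - body.keys()
    if missing:
        problems.append("missing keys: " + ", ".join(sorted(missing)))
    if not isinstance(body.get("custom", {}), dict):
        problems.append('"custom" must be a JSON object')
    if "{{" in rendered:
        problems.append("unresolved placeholder left in message")
    return problems
```

Running check with a monitor or trigger name that contains a double quote shows whether the rendered body would stop being valid JSON, which is worth testing with your own naming conventions before relying on the integration.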