Kapacitor
Kapacitor is a real-time streaming data processing engine in the TICK stack. It can process both stream and batch data from InfluxDB, acting on this data in real-time via its programming language TICKscript.
Route detailed alerts from Kapacitor to the right users in Incident Response.
How to integrate Kapacitor with Incident Response
In Incident Response: Using Kapacitor as an Alert Source
-
Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.
-
Select Kapacitor. Copy the displayed Webhook URL to configure it within Kapacitor. Finish by clicking Add Alert Source -> Done.
When an alert source turns Active, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.
An Alert Source is active if there is a recorded incident via that Alert Source for the Service.
In Kapacitor: Setup a Incident Response Webhook
Method 1: Configuring Incident Response Webhook through Chronograf
-
From your Chronograf account, hover over the Alerts icon in the sidebar, and select Manage Tasks
-
You can either modify an existing Alert Rule or create one by selecting Add Alert Rule
-
Within the Alert Rule Builder, give the Alert Rule a Name, select Alert Type, Time Series, Conditions
-
(b) Paste the Webhook copied from Incident Response under the HTTP endpoint for the POST request
-
Click on Save Rule
Scroll further to Alert Handlers
(a) Select post from the drop-down
Method 2: Configure Incident Response Webhook in kapacitor.conf and use the endpoint in TICKscript
-
Within kapacitor.conf, scroll to
[[httppost]]and paste the following:
endpoint = "squadcast"
url = "<Copied_Webhook_URL_from_Squadcast"
headers = { Content-Type = "application/json" }
-
Go to your TICKscript, within the alert context, and set up a post call to the above-configured endpoint
Pro Tip:
In Mac OS, Kapacitor's configuration file is generally in /usr/local/etc/kapacitor.conf and in Linux machines, it generally is in /etc/kapacitor.conf
That is it, you are now good to go!
-
Whenever an alert is generated in Kapacitor, an incident is triggered for it in Incident Response.
-
When the alert recovers in Kapacitor, the corresponding incident will be auto-resolved in Incident Response as well.