Documentation for SolarWinds Incident Response

Kapacitor

Kapacitor is a real-time streaming data processing engine in the TICK stack. It can process both stream and batch data from InfluxDB, acting on this data in real-time via its programming language TICKscript.

Route detailed alerts from Kapacitor to the right users in Incident Response.

How to integrate Kapacitor with Incident Response

In Incident Response: Using Kapacitor as an Alert Source

  1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

  2. Select Kapacitor. Copy the displayed Webhook URL to configure it within Kapacitor. Finish by clicking Add Alert Source -> Done.

When an alert source turns Active, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

In Kapacitor: Set up an Incident Response Webhook

Method 1: Configuring Incident Response Webhook through Chronograf

  1. From your Chronograf account, hover over the Alerts icon in the sidebar, and select Manage Tasks

  2. You can either modify an existing Alert Rule or create one by selecting Add Alert Rule

  3. Within the Alert Rule Builder, give the Alert Rule a Name, select Alert Type, Time Series, Conditions

  4. Scroll further to Alert Handlers

    (a) Select post from the drop-down

    (b) Paste the Webhook copied from Incident Response under the HTTP endpoint for the POST request

  5. Click on Save Rule

Method 2: Configure Incident Response Webhook in kapacitor.conf and use the endpoint in TICKscript

  1. Within kapacitor.conf, scroll to [[httppost]] and paste the following:

    endpoint = "squadcast"
    url = "<Copied_Webhook_URL_from_Squadcast>"
    headers = { Content-Type = "application/json" }

  2. Go to your TICKscript, within the alert context, and set up a post call to the above-configured endpoint
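A TICKscript for the step above, as an added example that is not part of the original documentation: the alert node posts to the `squadcast` endpoint defined in kapacitor.conf, so the webhook URL stays in the configuration file and out of the script. The database, retention policy, measurement, field and thresholds are assumptions (Telegraf-style CPU metrics); substitute your own.

```tickscript
// Added example. 'telegraf', 'autogen', 'cpu' and "usage_idle" are assumed
// names; only the endpoint name 'squadcast' comes from kapacitor.conf above.
stream
    |from()
        .database('telegraf')
        .retentionPolicy('autogen')
        .measurement('cpu')
        .groupBy('host')
    |alert()
        // One alert ID per host, so each host gets its own alert state.
        .id('cpu_idle/{{ index .Tags "host" }}')
        .message('{{ .ID }} is {{ .Level }}: usage_idle={{ index .Fields "usage_idle" }}')
        .warn(lambda: "usage_idle" < 20)
        .crit(lambda: "usage_idle" < 10)
        // Send an event only when the level changes, not on every data point.
        .stateChangesOnly()
        // Do not add .noRecoveries() here: it suppresses the OK event that
        // Kapacitor sends when the alert recovers.
        .post()
            // Refers to the [[httppost]] entry by name instead of embedding the URL.
            .endpoint('squadcast')
```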

Pro Tip:

On macOS, Kapacitor's configuration file is generally at /usr/local/etc/kapacitor.conf; on Linux machines, it is generally at /etc/kapacitor.conf

That is it, you are now good to go!

  • Whenever an alert is generated in Kapacitor, an incident is triggered for it in Incident Response.

  • When the alert recovers in Kapacitor, the corresponding incident will be auto-resolved in Incident Response as well.