Documentation for SolarWinds Incident Response

Logz.io

Logz.io allows engineers to look into their stack with powerful log, metric and tracing analytics based on the cloud-native tools they use.

Route detailed monitoring alerts from Logz.io to the right users in Incident Response.

How to integrate Logz.io with Incident Response

In Incident Response: Using Logz.io as an Alert Source

  1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

  2. Select Logz.io. Copy the displayed Webhook URL to configure it within Logz.io. Finish by clicking Add Alert Source -> Done.

When an alert source turns Active, it shows up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

In Logz.io: Create an Incident Response webhook alert

  1. In the app, go to Alerts & Events > Notification endpoints to create the webhook

  2. Click on Add endpoint

  3. Fill in the form as shown below:

  • Type: Custom

  • Name: Incident Response Webhook

  • Description (optional)

  • URL: Paste the URL endpoint that was copied from Incident Response Service for Logz.io

  • Method: POST

  • Run the test to see if you received a test alert in Incident Response

  • Click on Save

Find more details on how each of these parameters can be configured here

{
    "alert_title": "{{alert_title}}",
    "alert_description": "{{alert_description}}",
    "alert_severity": "{{alert_severity}}",
    "account_id": "{{account_id}}",
    "account_name": "{{account_name}}",
    "alert_samples": "{{alert_samples}}",
    "alert_tags_json": "[{{alert_tags_json}}]"
}
  4. Next, to create the alert itself, you can either:

  • Go to Alerts & Events > New Alert or,

  • Click on Create Alert from the Kibana dashboard

Find more details on how each of these parameters can be configured here

  5. Give the alert a title

Now, you will have to fill out the 3 sections:

(a) Search for... section:

  • Either enter your Search query or verify that the query present is correct

  • Choose to Group By certain fields

  • Select Accounts to Search

  • Choose to repeat this (by adding another query), join the queries, etc.

(b) Trigger if... section:

  • Add Trigger conditions for the alert and add one or more thresholds for the trigger

(c) Notify section:

  • Add a Description for the alert (which will be visible for these incidents in Incident Response)

  • Associate Tags (if any)

  • Who to send it to -> choose Incident Response Webhook

  • Choose a wait time between notifications as needed

  • Output format -> choose JSON

  • You can choose to either send all log fields or custom fields

  6. Click on Save

That is it, you are now good to go! Whenever a log alert is triggered in Logz.io, an incident will be created automatically in Incident Response.
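A pre-save check for the webhook body template shown above, as an added example that is not part of the Logz.io or Incident Response documentation: it confirms that a pasted template is still valid JSON, uses only the placeholders that appear on this page, and still parses when a value contains quotes or newlines. The function names, the JSON-escaped substitution model and the sample values are assumptions made for illustration.

```python
import json
import re

# Body template as shown on this page for the custom endpoint.
TEMPLATE = """{
    "alert_title": "{{alert_title}}",
    "alert_description": "{{alert_description}}",
    "alert_severity": "{{alert_severity}}",
    "account_id": "{{account_id}}",
    "account_name": "{{account_name}}",
    "alert_samples": "{{alert_samples}}",
    "alert_tags_json": "[{{alert_tags_json}}]"
}"""

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
# Placeholder names that appear in the template on this page.
KNOWN = set(PLACEHOLDER.findall(TEMPLATE))


def check_template(text):
    """Return a list of problems found in a pasted body template."""
    try:
        body = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(body, dict):
        return ["top level must be a JSON object"]
    problems = []
    for name in sorted(set(PLACEHOLDER.findall(text)) - KNOWN):
        problems.append(f"unknown placeholder: {name}")
    for key in sorted(KNOWN - set(body)):
        problems.append(f"missing field: {key}")
    return problems


def render(text, values):
    """Fill placeholders with JSON-escaped values (assumed substitution model)."""
    def fill(match):
        # json.dumps escapes quotes, backslashes and newlines; drop its outer quotes.
        return json.dumps(str(values[match.group(1)]))[1:-1]
    return json.loads(PLACEHOLDER.sub(fill, text))


# Constructed sample values, including characters that need escaping.
SAMPLE = {name: f"sample {name}" for name in KNOWN}
SAMPLE["alert_description"] = 'Login failures for "admin"\nsource: auth-service'

if __name__ == "__main__":
    print(check_template(TEMPLATE) or "template OK")
    print(render(TEMPLATE, SAMPLE)["alert_description"])
```
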

FAQ:

Q: If an alert gets resolved in Logz.io, does Logz.io send auto-resolve signals to Incident Response?

A: No, Logz.io does not send auto-resolve signals to Incident Response. Hence, Incident Response incidents from Logz.io should be resolved manually.