Logz.io
Logz.io allows engineers to look into their stack with powerful log, metric and tracing analytics based on the cloud-native tools they use.
Route detailed monitoring alerts from Logz.io to the right users in Incident Response.
How to integrate Logz.io with Incident Response
In Incident Response: Using Logz.io as an Alert Source
- Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.
- Select Logz.io. Copy the displayed Webhook URL to configure it within Logz.io. Finish by clicking Add Alert Source -> Done.
When an alert source turns Active, it will show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active once there is a recorded incident via that Alert Source for the Service.
In Logz.io: Create an Incident Response webhook alert
- In the app, go to Alerts & Events > Notification endpoints to create the webhook
- Click on Add endpoint
- Fill in the form as shown below:
  - Type: Custom
  - Name: Incident Response Webhook
  - Description (optional)
  - URL: Paste the URL endpoint that was copied from the Incident Response Service for Logz.io
  - Method: POST
- Run the test to see if you received a test alert in Incident Response
- Click on Save
Find more details on how each of these parameters can be configured here
The JSON template below is the body the endpoint sends; Logz.io fills in the {{...}} placeholders when the alert fires:
{
"alert_title": "{{alert_title}}",
"alert_description": "{{alert_description}}",
"alert_severity": "{{alert_severity}}",
"account_id": "{{account_id}}",
"account_name": "{{account_name}}",
"alert_samples": "{{alert_samples}}",
"alert_tags_json": "[{{alert_tags_json}}]"
}
- Next, to create the alert itself, you can either:
  - Go to Alerts & Events > New Alert or,
  - Click on Create Alert from the Kibana dashboard
Find more details on how each of these parameters can be configured here
- Give the alert a title
Now, you will have to fill out the 3 sections:
(a) Search for... section:
- Either enter your Search query or verify that the query present is correct
- Choose to Group By certain fields
- Select Accounts to Search
- Choose to repeat this (by adding another query), join the queries, etc.
(b) Trigger if... section:
- Add Trigger conditions for the alert and add one or more thresholds for the trigger
(c) Notify section:
- Add a Description for the alert (which will be visible for these incidents in Incident Response)
- Associate Tags (if any)
- Who to send it to -> choose Incident Response Webhook
- Choose a wait time between notifications as needed
- Output format -> choose JSON
- You can choose to either send all log fields or custom fields
- Click on Save
That is it, you are now good to go! Whenever a log alert is triggered in Logz.io, an incident will be created automatically in Incident Response.
FAQ:
Q: If an alert gets resolved in Logz.io, does Logz.io send auto-resolve signals to Incident Response?
A: No, Logz.io does not send auto-resolve signals to Incident Response. Hence, Incident Response incidents from Logz.io should be resolved manually.
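As an added example that is not part of the Logz.io or Incident Response documentation, the Python receiver below shows what an endpoint on the receiving side has to do with the webhook body template shown earlier: validate the JSON, decode the alert_tags_json and alert_samples fields (which arrive as strings), map the Logz.io severity to an incident priority, and derive a stable deduplication key. The key matters because of the FAQ point above: since Logz.io never sends a resolve signal, repeat notifications for the same alert rule should attach to the still-open incident rather than open a new one each time. The sample payload, the severity-to-priority mapping and the exact rendered shape of the string fields are assumptions constructed for this example.

```python
import hashlib
import json
from typing import Any

# Constructed sample of what the custom-endpoint body template yields after
# Logz.io substitutes the {{...}} placeholders. The rendered shape of
# alert_samples and alert_tags_json is an assumption made for this example.
SAMPLE_BODY = json.dumps({
    "alert_title": "High 5xx rate on checkout-api",
    "alert_description": "More than 50 HTTP 5xx responses in 5 minutes",
    "alert_severity": "HIGH",
    "account_id": "123456",
    "account_name": "prod-main",
    "alert_samples": "[{\"status\": 502, \"path\": \"/checkout\"}]",
    "alert_tags_json": "[\"team:payments\",\"env:prod\"]",
})

REQUIRED_FIELDS = ("alert_title", "alert_severity", "account_id")

# Hypothetical mapping from Logz.io severities to incident priorities;
# adjust it to the priority scheme your incident tool uses.
SEVERITY_TO_PRIORITY = {"HIGH": "P1", "MEDIUM": "P2", "LOW": "P3", "INFO": "P4"}


def _json_field(value: Any, default: Any) -> Any:
    """Decode a field that the template emits as a JSON string.

    Already-decoded lists/dicts pass through; undecodable strings fall back
    to the default rather than failing the whole incident.
    """
    if isinstance(value, (list, dict)):
        return value
    if isinstance(value, str) and value.strip():
        try:
            return json.loads(value)
        except json.JSONDecodeError:
            return default
    return default


def fingerprint(account_id: str, title: str) -> str:
    """Stable key for one alert rule in one Logz.io account.

    Logz.io sends no resolve signal, so the receiver deduplicates repeat
    notifications on this key and attaches them to the open incident.
    """
    return hashlib.sha256(f"{account_id}\n{title}".encode()).hexdigest()[:16]


def parse_logzio_webhook(raw_body: str) -> dict[str, Any]:
    """Validate and normalise a Logz.io webhook body into an incident record.

    Raises ValueError on malformed or incomplete input so the receiver can
    reject it with a 4xx instead of creating a half-empty incident.
    """
    try:
        payload = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"body is not valid JSON: {exc}") from exc
    if not isinstance(payload, dict):
        raise ValueError("body must be a JSON object")

    missing = [name for name in REQUIRED_FIELDS if not payload.get(name)]
    if missing:
        raise ValueError(f"missing required fields: {missing}")

    account_id = str(payload["account_id"])
    title = str(payload["alert_title"]).strip()
    severity = str(payload["alert_severity"]).upper()

    return {
        "title": title,
        "description": str(payload.get("alert_description", "")).strip(),
        "priority": SEVERITY_TO_PRIORITY.get(severity, "P3"),
        "source": f"logz.io:{payload.get('account_name', account_id)}",
        "tags": _json_field(payload.get("alert_tags_json"), default=[]),
        "samples": _json_field(payload.get("alert_samples"), default=[]),
        "dedup_key": fingerprint(account_id, title),
    }


if __name__ == "__main__":
    print(json.dumps(parse_logzio_webhook(SAMPLE_BODY), indent=2))
```

Rejecting a body that is missing alert_title, alert_severity or account_id keeps the incident queue free of entries that cannot be routed, and the dedup_key gives the "wait time between notifications" setting a counterpart on the receiving side.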