Search results for "{{ search.query }}"

No results found for "{{search.query}}". 
View All Results

X-Pack Alerting(Elasticsearch Watcher) Integration

X-Pack Alerting is the alerting and notification product for Elasticsearch that lets you take action based on changes in your data. OpsGenie is an alert and notification management solution that is highly complementary to X-Pack Alerting.

What does OpsGenie offer to X-Pack Alerting users?

By using OpsGenie X-Pack Alerting Integration, you can forward X-Pack Alerting alerts to OpsGenie. OpsGenie can determine the right people to notify based on on-call schedules, using email, text messages (SMS), phone calls and iOS & Android push notifications, and escalating alerts until the alert is acknowledged or closed.

Functionality of the integration

  • When an alert is fired by X-Pack Alerting, an alert is created in OpsGenie automatically through the integration.
  • When the alert is acknowledged in OpsGenie, the alert will be acknowledged in X-Pack Alerting.

Add X-Pack Alerting Integration in OpsGenie

  1. Please create an OpsGenie account if you haven't done already
  2. Go to OpsGenie X-Pack Alerting Integration page,
  3. Specify who should be notified for X-Pack Alerting alerts using the "Teams" field. Auto-complete suggestions will be provided as you type.
  4. Copy the code in "Configuration in X-Pack Alerting" section of this document.
  5. Click on "Save Integration".

Configuration in X-Pack Alerting

  1. Paste the code below in Elasticsearch.
  2. Configure your alert settings in X-Pack Alerting.
  3. For more information about X-Pack Alerting, you can refer to X-Pack Alerting Documentation.
  4. Replace "[YOUR API KEY]" with the API Key of the integration.
PUT _watcher/watch/[WATCH ID]
{
    [OTHER CONFIGURATIONS OF YOUR X-PACK ALERTING ALERT]
    .
    .
    .
    .
    .

    "actions" : {
        "opsgenie" : {
            "webhook" : {
                "scheme" : "https",
                "method" : "POST",
                "host" : "api.opsgenie.com",
                "port" : 443,
                "path" : "/v1/json/eswatcher",
                "headers" : {
                    "Content-Type" : "application/json"
                },
                "params": {
                    "apiKey": "[YOUR API KEY]"
                },
                "body" : "{{#toJson}}ctx{{/toJson}}"
            }
        }
    }
}

Acknowledging Alerts in X-Pack Alerting (Optional)

  • You can set the integration to automatically acknowledge an alert in X-Pack Alerting, when you acknowledge the alert in OpsGenie.
  • In order to do this, you should select "Acknowledge Alerts in X-Pack Alerting" option in integration settings.
  • After enabling this option, you will see two fields to be filled.
  • Fill "X-Pack AlertingAction Id" field with your Action Id.
  • Fill "X-Pack Alerting Host URL" field with the URL address of your server.
  • You should specify the full URL address as [protocol]://yourserveraddr:[port]. (e.g. http://yourserver.com:9200)

Sample Payload

{
  "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z",
  "vars": {},
  "trigger": {
    "triggered_time": "2016-09-28T11:31:05.955Z",
    "scheduled_time": "2016-09-28T11:31:05.511Z"
  },
  "execution_time": "2016-09-28T11:31:05.955Z",
  "watch_id": "event_critical_watch",
  "payload": {
    "hits": {
      "total": 1,
      "hits": [
        {
          "_type": "event",
          "_source": {
            "eventDescription": "System has detected 3 failed login attempts",
            "eventId": 1,
            "eventName": "3 failed login attempts",
            "eventType": "LOG",
            "eventCategory": "CRITICAL"
          },
          "_id": 1,
          "_index": "event",
          "_score": 0.30685282
        }
      ],
      "max_score": 0.30685282
    },
    "_shards": {
      "total": 1,
      "failed": 0,
      "successful": 1
    },
    "timed_out": false,
    "took": 1
  },
  "metadata": "null"
}

Sample Alert

X-Pack Alerting(Elasticsearch Watcher) Integration