Logz.io employs a multi-tier, multi-datacenter data-ingestion pipeline to process log data securely. Once data is collected, it is then parsed and enriched with additional metadata. The log data is then indexed into a dedicated data-store that is able to scale and grow to fit any needed capacity of log data. All log data is highly available across multiple data centers and is backed up to ensure data availability.

Install the Integration

Administrators can install the integration by following the on-screen instructions in BigPanda.

Before You Start

• Obtain a Logz.io account.

• Obtain BigPanda administrator access.

After Installation

• Configure a test alert in Logz.io and send it to the BigPanda endpoint. Be sure to clean up any test data and settings when the test is complete.

❗️

Logz.io incidents are not closed automatically because Logz.io does not send notifications when alerts are resolved. You must manually resolve Logz.io incidents in BigPanda to remove them from the incident feed.

• (Optional) Configure a custom endpoint and configure the desired Logz.io alerts to use it.

Configure A Custom Endpoint

To customize the Logz.io data that you send to BigPanda, you can configure a custom endpoint as follows:

• Type—Custom

• Name and Description

• URL—<https://api.bigpanda.io/data/v2/alerts>

• Method—POST

• Headers—Authorization=Bearer ${token}, Content-Type=application/json; charset=utf8

❗️

You must replace the ${token} with the corresponding value that you copied from BigPanda in Step 1.

• Body—custom payload that meets the Alerts API payload requirements.

{
  "app_key": "${app key}",
  "service": "My Service",
  "status": "critical",
  "check": "{{alert_title}}",
  "description": "{{alert_description}}",
  "severity": "{{alert_severity}}",
  "alert_event_samples": "{{alert_event_samples}}"
}

❗️

Payload Requirements

You must replace the ${app_key} with the corresponding value that you copied from BigPanda in Step 1.

BigPanda requires that the payload contains a primary tag named service, host, or application and a status tag with a value of critical, warning, or ok. You may also want to include a check tag with a value of {{alert_title}} or a hard-coded value, and it will be included in the incident title in the BigPanda UI.

Deactivate the Integration in BigPanda

If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.

To deactivate an integration:

1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
2. At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.

🚧

Alert Resolution for Inactive Integrations

Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.

Uninstall the Integration

Deleting an integration requires changes to both the integrated system and BigPanda. You must uninstall the integration on the integrated system and then delete the integration from BigPanda.

🚧

When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.

Stop Sending Data to BigPanda

On the integrated system, disable any settings that send data to BigPanda.

Manually resolve any open alerts sent from the integration to remove the associated incidents from your incident feed. These incidents will not automatically resolve without an ok status from the original sending integration.

Delete the Integration in BigPanda

1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
2. In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will then be removed immediately.

👍

Alert Resolution for Deleted Integrations

All active alerts from the integration will be resolved after deletion.

❗

️Data Removal

This procedure does not remove any data from the integrated system.