Logz.io

Logz.io provides log analysis software with alerts, role-based access, unlimited scalability, and free ELK apps. Build this integration to correlate Logz.io alerts into high-level incidents in BigPanda and see insights from Logz.io alongside problems detected by other tools in your monitoring stack.

Type:
Webhook

Product Version Described:
SaaS Version on Dec. 22, 2016

BigPanda APIs Used:
Alerts API

How It Works

Logz.io employs a multi-tier, multi-datacenter data-ingestion pipeline to process log data securely. The Logz.io ingestion pipeline includes network devices that are able to process data from multiple inputs on both TCP and UDP as well as via active collection from third-party repositories such as S3 buckets.

Once data is collected, it is tagged to identify the specific customer and then parsed and enriched with additional metadata. The log data is then indexed into a dedicated data-store that is able to scale and grow to fit any needed capacity of log data. All log data is highly available across multiple data centers and is backed up to ensure data availability.

The analytics layer runs on top of the indexed data and allows for search, aggregation, and customized analyses of the log data through the popular Kibana interface and Logz.io’s extensions. Users can create searches, visualizations, dashboards, and alerts. The system administrator can also invite multiple users to collaborate as they create the relevant analytics tools that they need to run monitoring and forensics processes.

Using Sample Code

These samples are meant to provide a helpful starting point for your custom integration. Though you may be able to copy some of the samples and use them without modifications, your system administrators must review and test all scripts and methods before using them, as per good practices.

Prerequisites

  • Logz.io account.

  • BigPanda administrator access.

Step 1: In BigPanda, create an App Key.

  1. In BigPanda, click the Integrations tab at the top of the screen.

  2. In the left pane, click New Integration.

  3. On the Monitoring tab, click Alerts REST API.

  4. In Step 1, enter the name of the integration. For example, enter Logz.

  5. Click Generate App Key.

  6. Copy the following information to use in Step 2.

    • App Key. For example, 1234z8098z1zhuy7z1z123.

    • Authorization Bearer Token, located under the HTTP headers section. For example, 0z12345z1z123zij12z1zoijo2.

Step 2: In Logz.io, configure an endpoint for sending alerts to BigPanda.

  1. Log in to your Logz.io account.

  2. Under the Alerts tab, click Alert Endpoints, and then click Add Endpoint.

  3. In the Type field, select BigPanda.

Data Sent To BigPanda

The built-in integration sends a standard payload to BigPanda that includes the alert title and alert event samples. Consider starting with this integration type to see if the data meets your needs. If necessary, you can configure a Custom Endpoint to send different data.

  4. Enter a Name and, if desired, a Description.

  5. Enter the Token and App Key that you copied from BigPanda in Step 1.

  6. Click Save.

Step 3: In Logz.io, configure alerts to use the BigPanda endpoint.

  1. In Logz.io, create an alert or edit an existing alert.

  2. On the Triggers page, in the Notification Endpoints, select the BigPanda endpoint that you created in Step 2.

  3. Click Save Alert.

  4. Repeat Steps 1 – 3 for every alert you want to send to BigPanda. The next time Logz.io generates one of these alerts, you will see it in BigPanda.

Post-Requisites

  • Configure a test alert in Logz.io and send it to the BigPanda endpoint. Be sure to clean up any test data and settings when the test is complete.

Logz.io incidents are not closed automatically because Logz.io does not send notifications when alerts are resolved. You must manually resolve Logz.io incidents in BigPanda to remove them from the incident feed.

  • (Optional) Configure a custom endpoint and configure the desired Logz.io alerts to use it.

Configuring A Custom Endpoint

To customize the Logz.io data that you send to BigPanda, you can configure a custom endpoint as follows:

  • Type—Custom

  • Name and Description

  • URL—https://api.bigpanda.io/data/v2/alerts

  • Method—POST

  • Headers—Authorization=Bearer ${token}, Content-Type=application/json; charset=utf8

You must replace the ${token} with the corresponding value that you copied from BigPanda in Step 1.

  • Body—custom payload that meets the Alerts API payload requirements.
{
  "app_key": "${app_key}",
  "service": "My Service",
  "status": "critical",
  "check": "{{alert_title}}",
  "description": "{{alert_description}}",
  "severity": "{{alert_severity}}",
  "alert_event_samples": "{{alert_event_samples}}"
}

Payload Requirements

You must replace the ${app_key} with the corresponding value that you copied from BigPanda in Step 1.

BigPanda requires that the payload contains a primary tag named service, host, or application and a status tag with a value of critical, warning, or ok. You may also want to include a check tag with a value of {{alert_title}} or a hard-coded value, and it will be included in the incident title in the BigPanda UI.
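
The following is an added example, not code from BigPanda or Logz.io: a pre-flight check for a custom endpoint body against the payload requirements above, plus a request builder that uses the URL, method, and headers listed for the custom endpoint. The function names and the BIGPANDA_APP_KEY and BIGPANDA_TOKEN environment variable names are assumptions made for this example.

```python
import json
import os
import re
import urllib.request

ALERTS_URL = "https://api.bigpanda.io/data/v2/alerts"  # URL from the endpoint settings above
PRIMARY_TAGS = ("service", "host", "application")
STATUSES = ("critical", "warning", "ok")
# ${...} marks a value you must fill in; {{...}} is left alone for Logz.io to substitute.
UNFILLED = re.compile(r"\$\{[^}]*\}")

def validate_payload(payload):
    """Return a list of problems; an empty list means the stated requirements are met."""
    problems = []
    if not payload.get("app_key"):
        problems.append("missing app_key")
    if not any(payload.get(tag) for tag in PRIMARY_TAGS):
        problems.append("missing primary tag: service, host, or application")
    if payload.get("status") not in STATUSES:
        problems.append("status must be critical, warning, or ok")
    for key, value in payload.items():
        if isinstance(value, str) and UNFILLED.search(value):
            problems.append(f"unreplaced placeholder in {key}")
    return problems

def build_request(payload, token):
    """Build, but do not send, the POST request with the headers listed above."""
    problems = validate_payload(payload)
    if not token or UNFILLED.search(token):
        problems.append("bearer token is empty or still a placeholder")
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json; charset=utf8"}
    return urllib.request.Request(ALERTS_URL, data=json.dumps(payload).encode("utf-8"),
                                  headers=headers, method="POST")

if __name__ == "__main__":
    # Constructed test alert; BIGPANDA_APP_KEY and BIGPANDA_TOKEN are assumed
    # environment variable names, so the credentials stay out of the script.
    alert = {"app_key": os.environ["BIGPANDA_APP_KEY"], "service": "My Service",
             "status": "warning", "check": "Integration test alert"}
    with urllib.request.urlopen(build_request(alert, os.environ["BIGPANDA_TOKEN"]),
                                timeout=10) as resp:
        print(resp.status)
```

Running the script directly sends one test alert, which must then be resolved manually in BigPanda as described under Post-Requisites.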
