Dynamic Variables
Use dynamic variables to customize emails and outbound webhooks with unique alert and incident data. Dynamic variables include both standard fields and organization-specific custom tag variables.
The available standard fields may be different between the Email Parser and Webhook v2 workflow configurations. Use the Message helper when configuring an email integration, or the Retrieve available dynamic fields API call when configuring webhooks to confirm which fields are supported.
Message helper for email integration
When creating a new email template, you can either manually add dynamic variables, or you use the helper list from the email template editor.
To open the helper, either type {{
or click the {{
button on the formatting menu. A list of available categories and fields will appear. Select the desired field, or enter the category or field name to filter the list.
Standard available fields for Email Parser
Dynamic variable message tags can include alert fields, incident data, incident metadata, incident tags, and preview links.
Primary Alert Fields
The primary alert is the oldest, most severe alert correlated into an incident.
Field name | Description | Format |
---|---|---|
primaryAlert.id | System-generated unique identifier for the alert. | String |
primaryAlert.status | The most severe status the alert triggered Possible returns are: [critical, warning, unknown, ok] | String |
primaryAlert.is_active | Whether the alert is active and has not been resolved. | Boolean |
primaryAlert.primary_property | Name of the main object that triggered the alert. | String |
primaryAlert.secondary_property | Name of the secondary object or sub-item that triggered the alert. | String |
primaryAlert.source_system | Integrated monitoring system(s) that sent the alert to BigPanda. | Array of strings |
primaryAlert.incident_key | Deduplication rule for the primary alert, usually primary_secondary values. | String |
primaryAlert.description | Brief summary (max. 2048 characters) of the alert included by certain monitoring tools | String |
primaryAlert.primary | Value of primary property. | String |
primaryAlert.secondary | Value of the secondary property. | String |
primaryAlert.maintenance | Whether the alert is currently suppressed through a maintenance plan. | Boolean |
primaryAlert.tags.<tagname> | The tag value associated with the alert for a given tag. | String |
Incident Data
Field name | Description | Format |
---|---|---|
incident.id | System-generated unique identifier for the incident. | String |
incident.status | Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses: [critical, warning, unknown, ok]. | String |
incident.is_active | Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved. | Boolean |
incident.severity | The highest status reached by any alert in the incident at any time. | String |
incident.flapping | Whether at least one correlated alert has changed states frequently enough to be treated as flapping. | Boolean |
incident.updated_at | Time of last change to incident, in Unix epochs. | Timestamp (in seconds) |
incident.last_change | Time of the last change to the incident that triggered applicable sharing updates, in Unix epochs. | Timestamp (in seconds) |
incident.start | Time when the earliest correlated alert was received, in Unix epochs. | Timestamp (in seconds) |
incident.end | Time when the incident status was set to ok, in Unix epochs. | Timestamp (in seconds) |
incident.alert_table | The first 5 alerts correlated to the incident, sorted by timestamp. | Array of Objects |
Incident Tags
Field name | Description | Format |
---|---|---|
incident_tag.itd_ai_reasoning_1 | Explanation of the logical path the AI traveled to suggest the root cause. | String |
incidentTags.<tag_id> | The value(s) of the specified incident tag as related to the incident. | Array of Strings? |
AI Processing delay
AI tags are generated at a 1-3 minute delay after initial incident processing. To include AI tags in static messages such as email, ensure the AutoShare is configured at a 3 minute delay.
Links
Field Name | Description | Format |
---|---|---|
links.preview | The url where the incident preview can be accessed. The URL does not require BigPanda login. | String |
links.console | A direct link to the incident in BigPanda. This URL requires BigPanda login. | String |
links.timeline | A direct link to the incident’s timeline view in BigPanda. This URL requires BigPanda login | String |
Standard available fields for Webhook v2 Workflows
Dynamic variables can include alert fields, incident data, incident metadata, incident tags, and preview links.
Primary alert fields
Field | Description | Format | Feature support |
---|---|---|---|
primaryAlert.id | System-generated unique identifier for the alert. | String | Webhook v2, Email |
primaryAlert.status | The most severe status the alert triggered. Possible returns are: [critical, warning, unknown, ok] | String | Webhook v2, Email |
primaryAlert.is_active | Whether the alert is active and has not been resolved. | Boolean | Webhook v2, Email |
primaryAlert.primary_property | Name of the main object that triggered the alert. | String | Webhook v2, Email |
primaryAlert.secondary_property | Name of the secondary object or sub-item that triggered the alert. | String | Webhook v2, Email |
primaryAlert.source_system | Integrated monitoring system(s) that sent the alert to BigPanda. | Array of strings | Webhook v2, Email |
primaryAlert.incident_key | Deduplication rule for the primary alert, usually primary_secondary values. | String | Webhook v2, Email |
primaryAlert.description | Brief summary (max. 2048 characters) of the alert included by certain monitoring tools | String | Webhook v2, Email |
primaryAlert.primary | Value of primary property. | String | Webhook v2, Email |
primaryAlert.secondary | Value of secondary property. | String | Webhook v2, Email |
primaryAlert.maintenance | Whether the alert is currently suppressed through a maintenance plan. | Boolean | Webhook v2, Email |
primaryAlert.tags.<tagname> | The tag value associated with the alert for a given tag. | String | Webhook v2, Email |
Incident data
Field | Description | Format | Feature support |
---|---|---|---|
incident.id | System-generated unique identifier for the incident. | String | Webhook v2, Email |
incident.status | Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses: [critical, warning, unknown, ok]. | String | Webhook v2, Email |
incident.is_active | Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved. | Boolean | Webhook v2, Email |
incident.severity | The highest status reached by any alert in the incident at any time. | String | Webhook v2, Email |
incident.flapping | Whether at least one correlated alert has changed states frequently enough to be treated as flapping. | Boolean | Webhook v2, Email |
incident.updated_at | Time of last change to incident, in Unix epochs. | Timestamp (in seconds) | Webhook v2, Email |
incident.last_change | Time of the last change to the incident that triggered applicable sharing updates, in Unix epochs. | Timestamp (in seconds) | Webhook v2, Email |
incident.start | Time when the earliest correlated alert was received, in Unix epochs. | Timestamp (in seconds) | Webhook v2, Email |
incident.end | Time when the incident status was set to | Timestamp (in seconds) | Webhook v2, Email |
incident.alert_table | An HTML-formatted table with the first 5 alerts correlated into the incident, sorted by timestamp. This variable should only be used in email templates. | Array of objects | |
incident.resolved | Whether the incident has been resolved. | Boolean | Webhook v2 |
incident.snoozed | Whether the incident is currently snoozed. | Boolean | Webhook v2 |
incident.snooze_config | The settings for an incident snooze, including when the incident is scheduled to wake and whether automatic cancelling is enabled. | Object | Webhook v2 |
incident.alerts_array | All alerts correlated into the incident in JSON string format. This variable should only be used in webhook customization. | Array of objects | Webhook v2 |
Share metadata
These fields provide information on the share action itself.
Field | Description | Format | Feature support |
---|---|---|---|
metadata.environment_name | Name of the environment in BigPanda where the incident was shared from. | String | Webhook v2, Email |
metadata.environment_id | Name of the environment group in BigPanda where the incident was shared from. | String | Webhook v2, Email |
metadata.sender_name | The name of the user who initiated the share. Autoshares will list BigPanda as the sender. | String | Webhook v2, Email |
metadata.sender_email | The email address of the user who initiated the share. Autoshares will list BigPanda as the sender. | String | Webhook v2, Email |
metadata.event_types | Information on the different triggers that occurred within the scope of the incident being shared. (See Available Triggers for the full list of supported triggers.) | Array of strings | Webhook v2 |
metadata.performer_email | The email address of the account that added a comment to the incident. | String | Webhook v2 |
metadata.performer_name | Name of the account that added a comment to the incident. | String | Webhook v2 |
metadata.comment | Comments added to the incident in BigPanda. | String | Webhook v2 |
metadata.message | The annotation added to the share action. | String | Webhook v2 |
Incident tags
Field | Description | Format | Feature support |
---|---|---|---|
incident_tag.itd_ai_reasoning_1 | Explanation of the logical path the AI traveled to suggest the root cause. | String | |
incidentTags.<tag_id> | The value(s) of the specified incident tag as related to the incident. | Array of strings |
AI Processing delay
AI tags are generated at a 1-3 minute delay after initial incident processing. To include AI tags in static messages such as email, ensure the AutoShare is configured at a 3 minute delay.
Links
Field | Description | Format | Feature support |
---|---|---|---|
links.preview | The URL where the incident preview can be accessed. The URL does not require BigPanda login. | String | Webhook v2, Email |
links.console | A direct link to the incident in BigPanda. This URL requires BigPanda login. | String | Webhook v2, Email |
links.timeline | A direct link to the incident’s timeline view in BigPanda. This URL requires BigPanda login | String | Webhook v2, Email |
Assignee
Field | Description | Format | Feature support |
---|---|---|---|
assignee.name | Name of the account that was assigned the incident. | String | Webhook v2 |
assignee.username | The email address of the BigPanda user who was assigned the incident. | String | Webhook v2 |
Assigner
Field | Description | Format | Feature support |
---|---|---|---|
assigner.name | Name of the account that assigned the incident. | String | Webhook v2 |
assigner.username | The email address of the BigPanda user who assigned the incident. | String | Webhook v2 |
Additional fields
Field | Description | Format | Feature support |
---|---|---|---|
similarities | Incident data for Similar Incidents, if configured. Attributes:
| Array of objects | Webhook v2 |
relatedChanges | Schema definitions for all RCC relations. Attributes:
| Array of objects | Webhook v2 |