Dynamic Variables
Use dynamic variables to customize emails and outbound webhooks with unique alert and incident data.
Message helper for email integration
When creating a new email template, you can either manually add dynamic variables, or you can use the helper list from the email template editor.
To open the helper, enter or select {{. A list of available categories and fields will appear. Select the desired field, or enter the category or field name to filter the list.
Available fields
Dynamic variable message tags can include alert fields, incident data, incident metadata, incident tags, and preview links.
Primary Alert Fields
The primary alert is the oldest, most severe alert correlated into an incident.
Field name | Description | Format |
|---|---|---|
primaryAlert.id | System-generated unique identifier for the alert. | String |
primaryAlert.status | The most severe status the alert triggered Possible returns are: [critical, warning, unknown, ok] | String |
primaryAlert.is_active | Whether the alert is active and has not been resolved. | Boolean |
primaryAlert.primary_property | Name of the main object that triggered the alert. | String |
primaryAlert.secondary_property | Name of the secondary object or sub-item that triggered the alert. | String |
primaryAlert.source_system | Integrated monitoring system(s) that sent the alert to BigPanda. | Array of strings |
primaryAlert.incident_key | Deduplication rule for the primary alert, usually primary_secondary values. | String |
primaryAlert.description | Brief summary (max. 2048 characters) of the alert included by certain monitoring tools | String |
primaryAlert.primary | Value of primary property. | String |
primaryAlert.secondary | Value of the secondary property. | String |
primaryAlert.maintenance | Whether the alert is currently suppressed through a maintenance plan. | Boolean |
primaryAlert.tags.<tagname> | The tag value associated with the alert for a given tag. | String |
Incident Data
Field name | Description | Format |
|---|---|---|
incident.id | System-generated unique identifier for the incident. | String |
incident.status | Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses: [critical, warning, unknown, ok]. | String |
incident.is_active | Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved. | Boolean |
incident.severity | The highest status reached by any alert in the incident at any time. | String |
incident.flapping | Whether at least one correlated alert has changed states frequently enough to be treated as flapping. | Boolean |
incident.updated_at | Time of last change to incident, in Unix epochs. | Timestamp (in seconds) |
incident.last_change | Time of the last change to the incident that triggered applicable sharing updates, in Unix epochs. | Timestamp (in seconds) |
incident.start | Time when the earliest correlated alert was received, in Unix epochs. | Timestamp (in seconds) |
incident.end | Time when the incident status was set to ok, in Unix epochs. | Timestamp (in seconds) |
incident.alert_table | A list of the alert objects correlated to the incident. | Array of Objects |
Incident Metadata
Field name | Description | Format |
|---|---|---|
metadata.environment_name | Name of the environment in BigPanda where the incident was shared from. | String |
metadata.environment_id | Name of the environment group in BigPanda where the incident was shared from. | String |
metadata.sender_name | The name of the user who initiated the share. Autoshares will list BigPanda as the sender. | String |
metadata.sender_email | The name of the user who initiated the share. Autoshares will list BigPanda as the sender. | String |
Incident Tags
Field name | Description | Format |
|---|---|---|
incident_tag.itd_ai_reasoning_1 | Explanation of the logical path the AI traveled to suggest the root cause. | String |
incidentTags.<tag_id> | The value(s) of the specified incident tag as related to the incident. | Array of Strings? |
AI Processing delay
AI tags are generated at a 1-3 minute delay after initial incident processing. To include AI tags in static messages such as email, ensure the AutoShare is configured at a 3 minute delay.
Links
Field Name | Description | Format |
|---|---|---|
links.preview | The url where the incident preview can be accessed. The URL does not require BigPanda login. | String |
links.console | A direct link to the incident in BigPanda. This URL requires BigPanda login. | String |
links.timeline | A direct link to the incident’s timeline view in BigPanda. This URL requires BigPanda login | String |