Alert Object

Defines the schema for an Alert sent to BigPanda.

API Endpoint: https://api.bigpanda.io/data/v2/alerts
Supported Methods: POST

Parameters

The Alert object schema includes the following attributes:

| Attribute | Description | Type |
| --- | --- | --- |
| app_key | The unique identifier of the integration, created during the first step of integration. | String |
| status | Status of the event. One of ok, critical, warning, unknown, acknowledged. | String |
| timestamp | (Optional) Time that the event occurred, as Unix epoch time (in seconds). If no time is specified, the value defaults to the time received in BigPanda. This field is often used for systems that send events in batches. | Timestamp (in seconds) |
| <event_property> | Event properties to become tags in BigPanda. The alert object can include any number of custom JSON attributes in string, integer, or array format. | String |
| <event_property> | Event properties to become tags in BigPanda. The alert object can include any number of custom JSON attributes in string, integer, or array format. When sending an array, the array values are combined into a single tag, pipe delimited in the UI. | Array |
| <event_property> | Event properties to become tags in BigPanda. The alert object can include any number of custom JSON attributes in string, integer, or array format. | Integer |
| description | (Optional) Brief summary of the alert for certain monitoring tools - max. 2048 characters. | String |
| incident_identifier | (Optional) A unique identifier used to recognize if two events are related to each other. Adding an incident_identifier into the payload will override the default value, and allows you to configure specific deduplication rules. | String |
| primary_property | (Optional) Define a specific event property to act as primary property for this payload. The defined event property must be included in the payload. If not, the primary property will be defined by any included default fields. If no primary property is included, the payload will be dropped. | String |
| secondary_property | (Optional) Define a specific event property to act as secondary property for this payload. The defined event property must be included in the payload. If not, the secondary property will be defined by any included default fields. | String |

Sample Alert Payloads:

{
    "app_key": "<APP KEY>",
    "status": "critical",
    "host": "production-database-1",
    "check": "CPU overloaded",
    "timestamp": 1402303570,
    "application": "Billing",
    "regions": ["US1", "US2", "EMEA"],
    "count": 47,
    "description": "CPU is above warning limit (40%)",
    "primary_property": "application",
    "secondary_property": "host"
}

{
    "app_key": "<APP KEY>",
    "alerts": [{
        "status": "critical",
        "host": "production-database-1",
        "check": "CPU overloaded",
        "description": "CPU is above warning limit (40%)"
    }, {
        "status": "critical",
        "host": "production-database-2",
        "check": "CPU overloaded",
        "timestamp": 1402303570,
        "application": "Billing"
    }]
}

Event Properties

The attributes included in the JSON payload become tags in BigPanda.

You can add any number of custom JSON attributes with a string, integer, or array value to the payload. Common fields include host, service, application, device, check, sensor, cluster, node, data center, region, and description.

When configuring the data to send through the Alerts API, send attributes that:

  • Drive deduplication, correlation, and UI titling. Event attributes enable BigPanda to turn noisy events into high-quality alerts and actionable incidents.
  • Add context about the event, including where or when the alert triggered. Additional information helps your team understand the full situation while investigating an issue.
  • Enable automation and categorization. Tags such as business element or team help you build environments, autoshare rules, analytics, and workflows.
  • Set next steps for triage and remediation. Including links to runbook wikis or investigation tools helps your team take action quicker. If a tag value starts with http, BigPanda automatically adds a link button.

Primary and Secondary Properties

Primary and secondary properties are key fields used for event deduplication, normalization, correlation, and titling within the UI. All events sent to BigPanda must include a primary property. Payloads without a primary property will fail to process into the BigPanda pipeline. A secondary property is recommended, but not required.

By default, BigPanda treats the following fields as the primary property: host, service, application, or device.

If a payload includes multiple of these fields, or if none can be sent, the primary_property attribute can define a field to function as the primary property.

Secondary property is always optional, but if check or sensor fields are included, they will be treated as the secondary property. Secondary property can also be manually set using the secondary_property field.

For example, you may have an event that is associated with both a host and an application, where the application is primary and the host is secondary. In these cases, use the primary_property and secondary_property attributes to define deduplication and correlation behavior.
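Because a payload without a primary property is dropped, it is worth checking each alert before it is sent so that monitoring events are not lost silently. The following is an added example, not BigPanda code: resolve_property and validate_alert are hypothetical helper names, and the precedence among default fields when several are present is an assumption (listed order), since the page does not state it.

```python
# Client-side pre-flight check built from the rules on this page.
VALID_STATUS = {"ok", "critical", "warning", "unknown", "acknowledged"}
DEFAULT_PRIMARY = ("host", "service", "application", "device")
DEFAULT_SECONDARY = ("check", "sensor")
MAX_DESCRIPTION = 2048


def resolve_property(alert, override_key, defaults):
    """Return the name of the field that acts as the property, or None."""
    named = alert.get(override_key)
    # The override only counts if the field it names is in the payload.
    if isinstance(named, str) and named in alert:
        return named
    # Fall back to the default fields. Which default wins when several are
    # present is not stated on the page; listed order is an assumption.
    return next((field for field in defaults if field in alert), None)


def validate_alert(alert):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    status = alert.get("status")
    if not isinstance(status, str) or status not in VALID_STATUS:
        problems.append("status")
    desc = alert.get("description")
    if isinstance(desc, str) and len(desc) > MAX_DESCRIPTION:
        problems.append("description")
    # Attributes may only be string, integer, or array values.
    for key, value in alert.items():
        if isinstance(value, bool) or not isinstance(value, (str, int, list)):
            problems.append("type:" + key)
    # No resolvable primary property means the payload would be dropped.
    if resolve_property(alert, "primary_property", DEFAULT_PRIMARY) is None:
        problems.append("primary_property")
    return problems


if __name__ == "__main__":
    # Constructed sample: has a secondary default (check) but no primary.
    sample = {"status": "critical", "check": "CPU overloaded"}
    print(validate_alert(sample))
```
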

Sending Multiple Alerts

If you want to send more than one alert in a single API call, you can modify the JSON payload to send an array of alert objects. When sending multiple alerts at the same time, you can choose to specify the app_key one time instead of for each alert.

Sending multiple alerts with the REST API

BigPanda uses the timestamp to determine the latest status of an alert. If it is not included, BigPanda uses the time when the event is received. To ensure that BigPanda accurately reflects the current status, when sending multiple events, you must include the timestamp for each event or sort the alerts array by when the events occurred, in ascending order.
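One way to enforce the ordering rule above before a batch is sent, as an added example that is not BigPanda code: build_batch is a hypothetical helper, and the sample events are constructed. When every alert carries a timestamp the array is sorted; otherwise the caller's order is kept and rejected if the timestamps that are present run backwards.

```python
import json


def build_batch(app_key, alerts):
    """Return a multi-alert payload with app_key given once and the alerts
    array in ascending order of occurrence."""
    stamped = [a for a in alerts if "timestamp" in a]
    if len(stamped) == len(alerts):
        # Every event is timestamped: a stable sort gives ascending order.
        ordered = sorted(alerts, key=lambda a: a["timestamp"])
    else:
        # Some events have no timestamp, so they will be dated on receipt.
        # Array order is then the only ordering signal: keep the caller's
        # order, but refuse it when the known timestamps contradict it.
        times = [a["timestamp"] for a in stamped]
        if any(later < earlier for earlier, later in zip(times, times[1:])):
            raise ValueError("alerts are not in ascending order of occurrence")
        ordered = list(alerts)
    return {"app_key": app_key, "alerts": ordered}


# Constructed events: the recovery (ok) was queued ahead of the earlier
# critical event for the same host and check.
SAMPLE_EVENTS = [
    {"status": "ok", "host": "production-database-1",
     "check": "CPU overloaded", "timestamp": 1402303630},
    {"status": "critical", "host": "production-database-1",
     "check": "CPU overloaded", "timestamp": 1402303570},
]

if __name__ == "__main__":
    print(json.dumps(build_batch("<APP KEY>", SAMPLE_EVENTS), indent=2))
```
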