Send Alerts

Send alert events through the API.

🚧

Authentication

All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the Org Token type of Authorization token.

Nested objects are not supported when sending events to the Rest API

Event Properties

The attributes included in the JSON payload become tags in BigPanda.

You can add any number of custom JSON attributes with a string, integer, or array value to the payload. Common fields include host, host, service, application, device, check, sensor, cluster, node, data center, region, and description.

When configuring the data to send through the Alerts API, send attributes that:

  • Drive deduplication, correlation, and UI titling. Event attributes enable BigPanda to turn noisy events into high-quality alerts and actionable incidents.
  • Add context about the event, including where or when the alert triggered. Additional information helps your team understand the full situation while investigating an issue.
  • Enable automation and categorization. Tags such as business element or team help you build environments, autoshare rules, analytics, and workflows.
  • Set next steps for triage and remediation. Including links to runbook wikis or investigation tools helps your team take action quicker. If a tag value starts with http, BigPanda automatically adds a link button.

Primary and Secondary Properties

Primary and secondary properties are key fields used for event deduplication, correlation, and titling within the UI. All events sent to BigPanda must include a primary property. Payloads without a primary property will fail to process into the BigPanda pipeline. A secondary property is recommended, but not required.

By default, BigPanda treats certain fields as primary property: host, service, application, or device

If a payload includes multiple of these fields, or if none can be sent, the primary_property attribute can define a field to function as the primary property.

Secondary property is always optional, but if check or sensor fields are included, they will be treated as the secondary property. Secondary property can also be manually set using the secondary_property field.

For example, you may have an event that is associated with both a host and an application, where the application is primary and the host is secondary. In these cases, use the primary_property and secondary_property attributes to define deduplication and correlation behavior.

Sending Multiple Alerts

If you want to send more than one alert in a single API call, you can modify the JSON payload to send an array of alert objects. When sending multiple alerts at the same time, you can choose to specify the app_key one time instead of for each alert.

️ Sending multiple alerts with the REST API

BigPanda uses the timestamp to determine the latest status of an alert. If it is not included, BigPanda uses the time when the event is received. To ensure that BigPanda accurately reflects the current status, when sending multiple events, you must include the timestamp for each event or sort the alerts array by when the events occurred, in ascending order.

curl -X POST -H "Content-Type: application/json" \
    -H "Authorization: Bearer <ORG TOKEN>" \
    https://api.bigpanda.io/data/v2/alerts \
    -d '{ "app_key": "<YOUR APP KEY>", 
          "alerts": [{
               "status": "critical", 
               "host": "production-database-1", 
               "check": "CPU overloaded" 
           }, {
               "status": "critical", 
               "host": "production-database-2", 
               "check": "CPU overloaded" 
           }]
       }'
{
  "status": "warning",
  "host": "production-database-1",
  "timestamp": 1402303570,
  "application": "Billing",
  "description": "CPU is above warning limit (40%)",
  "primary_property": "application",
  "secondary_property": "host"
}
{ 
  "app_key": "<YOUR APP KEY>",
  "status":"warning",
  "host":"test-1",
  "check":"test-2",
  "timestamp": 1402303570,
  "application": "Billing",
  "description": "CPU is above warning limit (40%)",
  "another tag": "tag value",
  "array":["item1","item2","item3"],
  "integer":1
    }
Language