Incident Object

Defines the schema for an incident in BigPanda
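A consumer that receives Incident objects (from the API or a webhook) can check them against the attributes documented in the Parameters table before acting on them. The validator below is an added example, not BigPanda code; it assumes the consumer requires every attribute it checks to be present, treats a missing maintenance value as null, and assumes snooze.end_time is in seconds like the other timestamps.

```python
import json

STATUSES = ("critical", "warning", "unknown", "ok")  # status row
MAINTENANCE = (None, "partial", "active")            # maintenance row; null = not in maintenance
BOOLEANS = ("active", "flapping", "shared")
TIMESTAMPS = ("start", "changed_at", "updated_at")   # documented as Unix seconds

def _is_seconds(value):
    # bool is a subclass of int, so reject it; 10**11 and above is almost certainly milliseconds
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value < 10**11

def validate_incident(incident):
    """Return a list of schema problems; an empty list means the object passed."""
    if not isinstance(incident, dict):
        return ["incident: expected JSON object"]
    errors = []
    if not (isinstance(incident.get("id"), str) and incident["id"]):
        errors.append("id: expected non-empty string")
    if incident.get("status") not in STATUSES:
        errors.append("status: not a documented status")
    if incident.get("maintenance") not in MAINTENANCE:
        errors.append("maintenance: expected null, partial or active")
    for key in BOOLEANS:
        if not isinstance(incident.get(key), bool):
            errors.append(f"{key}: expected boolean")
    for key in TIMESTAMPS:
        if not _is_seconds(incident.get(key)):
            errors.append(f"{key}: expected Unix time in seconds")
    end = incident.get("end")  # null until the incident is resolved
    if end is not None and not _is_seconds(end):
        errors.append("end: expected null or Unix time in seconds")
    snooze = incident.get("snooze")
    if not isinstance(snooze, dict):
        errors.append("snooze: expected object")
    else:
        for key in ("snoozed", "cancel_on_incident_updates"):
            if not isinstance(snooze.get(key), bool):
                errors.append(f"snooze.{key}: expected boolean")
        # Assumption: end_time uses seconds, like the other timestamps
        if snooze.get("end_time") is not None and not _is_seconds(snooze["end_time"]):
            errors.append("snooze.end_time: expected null or Unix time")
    return errors

# Constructed sample assembled from the example values in the parameter table.
SAMPLE = json.loads("""{"id": "1234a53b6789c12d3efg45h", "status": "critical",
 "active": true, "flapping": false, "shared": false, "maintenance": "partial",
 "snooze": {"snoozed": false, "end_time": null, "cancel_on_incident_updates": false},
 "start": 1466416853, "changed_at": 1466417169, "updated_at": 1466417169, "end": null}""")
```

Rejecting string booleans, unknown status values and millisecond timestamps at the boundary keeps malformed or tampered payloads from driving downstream automation.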

Parameters

The Incident object schema includes the following attributes:

Parameter

Description

Type

Example

id

System-generated unique identifier for the incident.

String

"id": "1234a53b6789c12d3efg45h"

status

Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses: [critical, warning, unknown, ok].

String

"status" : "critical"

active

Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved.

Boolean

"active": true

severity

The highest status the incident reached

String

"severity": "critical"

flapping

Whether at least one correlated alert has changed states frequently enough to be treated as flapping

Boolean

"flapping": false

shared

Whether the incident has been shared

Boolean

"shared": false

snooze

Snooze options for the incident
Attributes:
snoozed - Whether the incident is currently snoozed.
end_time - Time when the current snooze period expires, in Unix epoch time.
cancel_on_incident_updates - Whether the current snooze should be automatically cancelled if a new alert is added, the severity of an existing alert increases, or the incident is resolved and then reopens.

Object

"snooze" : {"snoozed" : false, "end_time" : null, "cancel_on_incident_updates" : false}

maintenance

Whether an incident is in maintenance
null - not in maintenance
partial - one of the alerts is in maintenance
active - all alerts in maintenance

String

"maintenance": "partial"

correlation_matchers_log

Log of the correlation patterns matched to the incident over time.

The last item in the array is the most recent one.

Array

"correlation_matchers_log": [ {
"time_window": 60,
"tags": [{"name": "cluster", "value": "api"}, {"name": "category", "value": "load" } ],
"correlation_id": "a02fde2f-0ec3-4cc2-9cbd-74823cb11051",
"source_system": "api.backend_monitoring"
} ]

start

Unix time when the earliest correlated alert was received

Timestamp (in seconds)

"start": 1466416853

changed_at

Unix time when the last incident change triggered applicable sharing updates

Timestamp (in seconds)

"changed_at": 1466417169

updated_at

Unix time of last change to incident

Timestamp (in seconds)

"updated_at": 1466417169

end

Unix time when the incident was resolved, either manually or automatically when all alerts were resolved

Timestamp (in seconds)

"end": null

alerts

Array of the alerts that the incident contains.

Attributes:
alert_id - System-generated unique identifier for the alert.

When the request includes expand=alerts, the response contains an array of alert object data.

Array

"alerts" : [ { "alert_id": "57da76d24cdb1f3a54ce25a0" }, { "alert_id": "68eb89e35dca2g4b65df36b1" }, { "alert_id": "79fc79f46egh3h5c78rg78d2" } ]

assignee

The user assigned responsibility to see an incident through resolution
name - in-system name of the user
user_id - unique identifier of user
email - email associated with user

Object

"assignee": {
"name": "Bob Bobberson",
"user_id": "21e23r34f4d213e23e",
"email": "[email protected]"
}

assigner

The user who assigned responsibility for an incident
name - in-system name of the user
user_id - unique identifier of user
email - email associated with user

Object

"assigner": {
"name": "Bob Bobberson",
"user_id": "21e23r34f4d213e23e",
"email": "[email protected]"
}

environments

Environment IDs for all environments the incident appears in

Array

"environments": ["607ff43712d7dd0464ebf123", "607ff43712d7dd0464ebf124"]

folders

Folder names of all folders the incident appears in

Array

"folders": ["active", "unhandled"]

incident_tags

Incident tags associated with the incident
id - unique identifier for the tag
name - in-system tag name
type - whether the tag is a Text, Priority or MultiValue tag
value - value of the incident tag according to its type

Array

"incident_tags": [
{
"id": "idt_priority",
"name": "priority",
"type": "Priority",
"value": 900
},
{
"id": "affected_services",
"name": "Affected Services",
"type": "MultiValue",
"value": ["Billing"]