Defines the schema for an incident in BigPanda
| API Endpoint | https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id} |
| Supported Methods | GET |
Parameters
The Incident object schema includes the following attributes:
| Parameter | Description | Type | Example |
|---|---|---|---|
| id | System-generated unique identifier for the incident. | String | "id": "1234a53b6789c12d3efg45h" |
| status | Current incident status, which is determined by the most severe status of the correlated alerts. Possible statuses: [critical, warning, unknown, ok]. | String | "status" : "critical" |
| active | Whether the incident contains at least one active alert and has not been manually resolved. An incident is automatically resolved when all the alerts are resolved. | Boolean | "active": true |
| severity | The highest status the incident reached | String | “severity”: “critical” |
| flapping | Whether at least one correlated alert has changed states frequently enough to be treated as flapping | Boolean | "flapping": false |
| shared | Whether the incident has been shared | Boolean | "shared": false |
| snooze | Snooze options for the incident Attributes: snoozed - Whether the incident is currently snoozed. end_time - Time when the current snooze period expires. Unix epoch time when X (in seconds). cancel_on_incident_updates - Whether the current snooze should be automatically cancelled if a new alert is added, the severity of an existing alert increases, or the incident is resolved and then reopens. | Object | "snooze" : {"snoozed" : false, "end_time" : null, "cancel_on_incident_updates" : false} |
| maintenance | Whether an incident is in maintenance null - not in maintenance partial - one of the alerts is in maintenance active - all alerts in maintenance | String | “maintenance”: “partial” |
| correlation_matchers_log | Log of the correlation patterns matched to the incident over time. As more alerts are added to the incident, the matched correlation patterns may change. When this happens, another array is added that contains the matching correlation patterns at that time. Correlation Pattern Attributes: correlation pattern id - system generated unique identifier for the correlation pattern. time window - The time frame in which this pattern will correlate incoming alerts. alert tags - Alert tags that match the correlation pattern rules. The last item in the array is the most recent one. If multiple correlation patterns match the incident, the pattern with the longest time window is the one that appears in the UI. See the Algorithmic Correlation documentation for more information. When an incident is split, only the source incident maintains the correlation_matchers_log. | Array of Arrays | “correlation_matchers_log”: [[ {"time_window": 180, "tags": [{"name": "service", "value": "service_1" } ], "correlation_id": "d6dc742f-99f9-403f-95dc-de3cbc089211"}, {“time_window”: 35, “tags”: [{“name”: “host”,”value” : “host_9”}], “correlation_id” : “7b2ab6a1-2e80-43b5-9408-5fc2abff1d09”, “source system” : “api_exercise”}, {“time_window” : 10, “tags”: [{“name” : “application”, “value” : “app_2”}], “correlation_id” : “124592f3-e11f-4825-aad2-62c5e4ed11d0”} ]] |
| start | Unix epoch time when the earliest correlated alert was received (in seconds). | Timestamp (in seconds) | "start": 1466416853 |
| changed_at | Unix epoch time when the last incident change triggered applicable sharing updates (in seconds). | Timestamp (in seconds) | "changed_at": 1466417169 |
| updated_at | Unix epoch time when the last change to the incident occurred (in seconds). | Timestamp (in seconds) | "updated_at": 1466417169 |
| end | Unix epoch time when the incident was resolved, either manually or automatically when all alerts were resolved (in seconds). | Timestamp (in seconds) | "end": null |
| alerts | Array of the alerts that the incident contains. Attributes: alert_id - System-generated unique identifier for the alert. When the request comes with expand=alerts, it sends an array of alert object data. | Array | "alerts" : [ { "alert_id": "57da76d24cdb1f3a54ce25a0", "alert_id": "68eb89e35dca2g4b65df36b1", "alert_id": "79fc79f46egh3h5c78rg78d2" } ] |
| assignee | The user assigned responsibility to see an incident through resolution name - in system name of user user_id - unique identifier of user email - email associated with user | Object | "assignee": { "name": "Bob Bobberson", "user_id": "21e23r34f4d213e23e", "email": "[email protected]" |
| assigner | The user who assigned responsibility for an incident name - in system name of user user_id - unique identifier of user email - email associated with user | Object | "assigner": { "name": "Bob Bobberson", "user_id": "21e23r34f4d213e23e", "email": "[email protected]" |
| environments | Environment IDs for all environments the incident appears in | Array | "environments": ["607ff43712d7dd0464ebf123", "607ff43712d7dd0464ebf124"] |
| folders | Folder name of all folders the incident appears in | Array | "folder": ["active", "unhandled"] |
| incident_tags | Incident tags associated with the incident id - unique identifier for the tag name - in system tag name type - whether the tag is a Text, Priority or MultiValue tag value - value of the incident tag according to its type | Array | "incident_tags": [ { "id": "idt_priority", "name": "priority", "type": "Priority", "value": 900 }, { "id": "affected_services", "name": "Affected Services", "type": "MultiValue", "value": ["Billing"] |