Skip to main content

Incidents V2

The Incidents API allows you to manage BigPanda incidents externally, and can be configured with external ticketing and monitoring tools. It provides the Incidents object, which represents a BigPanda incident containing correlated alerts from your integrated monitoring systems.

The Incident Search function uses BigPanda Query Language (BPQL) to filter the incidents in your BigPanda instance and return those that meet specific conditions. Set sort order, pagination rules, and query incidents by tag, time frame, source system, or more. The Incident Search function can be used to return all incidents in a specific environment.

Expanding alert data

To include the full alert object for each retrieved incident, include expand=alerts in the query.

When making a call with alerts expanded, page_size cannot be larger than 10. An expanded call with a page size greater than 10 will return a 400 error.

Incident Actions allows you to seamlessly manage incidents through the API. Incidents can be merged, split, assigned, snoozed, and commented on through the API.

A list of the actions that have been taken on an incident can be retrieved using the Get Activities function.

Environment ID

The environment ID can extracted from the URL of the BigPanda console in browser, or it can be retrieved through the Environments API

Different objects

The Incidents V2 API and Notifications Webhook return different fields and formatting. This object page lists the fields for calls made to the Incidents V2 API.

To configure a sharing integration or notifications webhook, see the Webhook Incident Object.

Asynchronous calls

Some actions, like merge and split, are heavy asynchronous operations that will have a small delay before being reflected in your data. Multiple retries for an asynchronous call will result in an error.

Filter by Activity

Incident Activities can be filtered by activity type, using a comma separated query string of one or more activity types with the call.

Example queries:

  • /activities?page=5 - will return results from the 5th set of results

  • /activities?per_page=40 - will return 40 results per page instead of the default 20

  • /activities?types=incident_commented,incident_snoozed - will return only comment and snooze activity

  • /activities?types=incident_created,incident_resolved_ui_manually,incident_resolved_api,incident_resolved_by_alerts,incident_reopen - will return only opening and closing activity for the incident

Activities available for retrieval are:

  • incident_created

  • incident_assigned

  • incident_unassigned

  • incident_become_flapping

  • incident_commented

  • incident_resolved_ui_manually

  • incident_resolved_api

  • Incident_alerts_resolved

  • incident_tag_removed

  • incident_tag_updated

  • incident_merged_destination

  • incident_merged_source

  • incident_rcc_update

  • incident_shared

  • incident_splitted_destination

  • incident_splitted_source

  • incident_snoozed

  • incident_unsnoozed

  • incident_opened

  • incident_reopen

  • incident_resolved_by_alerts

Return order

Activities are returned in reverse timestamp order, most recent activities to oldest.

Time-based alert resolution activity type

Stale incident resolution through time-based alert resolution is included under the incident_resolved_api activity type.

Incidents v2

Authentication

All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the User API Key type of Authorization token.

BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.

Example 1. Retrieve incident by ID
curl --request GET \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id} \
     --header 'Authorization: Bearer <User API Key>'
curl --request GET \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id} \
     --header 'Authorization: Bearer <User API Key>'


Example 2. Search incidents
cURL --request GET \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents?query=host%20%3D%20"Event%20types%20Test%201" \
     --header 'Authorization: Bearer <User API Key>'
cURL --request GET \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents?query=host%20%3D%20"Event%20types%20Test%201" \
     --header 'Authorization: Bearer <User API Key>'


Example 3. Split incident
curl --request POST \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/split \
     --header 'Authorization: Bearer <User API Key>'
     --header 'Content-Type: application/json' \
     --data '{
 "comment": "<comment text>",
"alerts": ["5d09d221aebaec1c43ccd448", "5cff623a21169351a82cb5e2"]
}'
curl --request POST \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/split \
     --header 'Authorization: Bearer <User API Key>'
     --header 'Content-Type: application/json' \
     --data '{
 "comment": "<comment text>",
"alerts": ["5d09d221aebaec1c43ccd448", "5cff623a21169351a82cb5e2"]
}'


Example 4. Merge incidents
curl --request POST \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/merge \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
"source_incidents": [
"608ffd7aa912bc031f0ab0f1",
"608ab712fa71ee2824d009c0"
],
"comment": "<comment text>"
}'
curl --request POST \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/merge \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
"source_incidents": [
"608ffd7aa912bc031f0ab0f1",
"608ab712fa71ee2824d009c0"
],
"comment": "<comment text>"
}'


Example 5. Comment on an incident
curl --request POST \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/comments \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
"comment": "<comment text>"
}'
curl --request POST \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/comments \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
"comment": "<comment text>"
}'


Example 6. Snooze an incident
curl --request PUT \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/snooze \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
  "comment": "a comment",
  "end_time": 1638212314,
  "cancel_on_incident_updates": true
}'
 curl --request PUT \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/snooze \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
  "comment": "a comment",
  "end_time": 1638212314,
  "cancel_on_incident_updates": true
}'


Example 7. Unsnooze an incident
curl --request DELETE \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/snooze \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
curl --request DELETE \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/snooze \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \


Example 8. Assign an incident
curl --request PUT \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/assignment \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
  "assignee": "AssigneeID"
}'
curl --request PUT \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/assignment \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
  "assignee": "AssigneeID"
}'


Example 9. Unassign an incident
curl --request DELETE \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/assignment \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
curl --request DELETE \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/assignment \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \


Example 10. Resolve an incident
curl --request POST \
     --url https://api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/resolve \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
"comments": "issue was solved"
}'
curl --request POST \
     --url https://eu-api.bigpanda.io/resources/v2.0/environments/{environment_id}/incidents/{incident_id}/resolve \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'Content-Type: application/json' \
     --data '{
"comments": "issue was solved"
}'


Example 11. Get incident activities
curl --request GET \
     --url https://api.bigpanda.io/resources/v2.0/incidents/{incident_id}/activities?page=5&per_page=40&types=incident_commented,incident_snoozed \
     --header 'Authorization: Bearer <User API Key>' \
     --header "Content-Type: application/json" \

curl --request GET \
     --url https://eu-api.bigpanda.io/resources/v2.0/incidents/{incident_id}/activities?page=5&per_page=40&types=incident_commented,incident_snoozed \
     --header 'Authorization: Bearer <User API Key>' \
     --header "Content-Type: application/json" \


In this section: