ElastAlert Integration Guide
ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. ElastAlert works with all versions of Elasticsearch.
What can Xurrent IMR do for Elastalert users?
With Elastalert's Integration, Xurrent IMR sends new Elastalert alerts to the right team and notifies them based on on-call schedules via email, text messages(SMS), phone calls(Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Xurrent IMR provides your NOC, SRE and application engineers with detailed context around the Elastalert alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.
Whenever Elastalert triggers an alert based on a predefined condition, Xurrent IMR will create an incident. When that condition goes back to normal levels, Xurrent IMR will auto-resolve the incident.
You can also use Alert Rules to custom route specific Elastalert alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.
To integrate Elastalert with Xurrent IMR, complete the following steps:
In Xurrent IMR:
- To add a new Elastalert integration, go to Teams on Xurrent IMR and click on the team you want to add the integration to.
- Next, go to Services and click on the relevant Service.
- Go to Integrations and then Add New Integration. Give it a name and select the application ElasticAPM from the dropdown menu.
- Go to Configure under your integrations and copy the Webhook URL generated.
In Elastalert:
- Copy the following code snippet and add the Xurrent IMR webhook URL for
http_post_url - Paste this code in the configuration YAML file for ElastAlert.
Example :
Now Elastalert is integrated with Xurrent IMR!