• Products
  • Get started
  • Documentation
  • Resources

Integrate Opsgenie with X-Pack (Elasticsearch Watcher)

Elastic logo

What does Opsgenie offer X-Pack Alerting users?

Use Opsgenie’s X-Pack Alerting Integration to forward X-Pack Alerting alerts to Opsgenie. Opsgenie acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed.

Functionality of the integration

  • When an alert is fired by X-Pack Alerting, an alert is created in Opsgenie automatically through the integration.

  • When the alert is acknowledged in Opsgenie, the alert is acknowledged in X-Pack Alerting.

Add X-Pack Alerting Integration in Opsgenie

  1. Go to Opsgenie X-Pack Alerting Integration page.

Under the Free and Essentials plans, the tabs under the Team dashboard are limited to Main, Integrations, Members, and Activity Stream.

2. Specify who is notified for X-Pack Alerting alerts using the Teams field. Auto-complete suggestions are provided as you type.

An alternative for Step 1) and Step 2) is to add the integration from the Team Dashboard of the team which will own the integration. To add an integration directly to a team, navigate to the Team Dashboard and open Integrations tab. Click Add Integration and select the integration that you would like to add.

3. Copy the code in "Configuration in X-Pack Alerting" section of this document.

4. Click Save Integration.

X-Pack Alerting integration settings

Configuration in X-Pack Alerting

  1. Paste the code below in Elasticsearch.

  2. Configure alert settings in X-Pack Alerting.

  3. For more information about X-Pack Alerting, refer to X-Pack Alerting Documentation.

  4. Replace "[YOUR API KEY]" with the API Key of the integration.

JSON

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 PUT _watcher/watch/[WATCH ID] { [OTHER CONFIGURATIONS OF YOUR X-PACK ALERTING ALERT] . . . . . "actions" : { "opsgenie" : { "webhook" : { "scheme" : "https", "method" : "POST", "host" : "api.opsgenie.com", "port" : 443, "path" : "/v1/json/eswatcher", "headers" : { "Content-Type" : "application/json" }, "params": { "apiKey": "[YOUR API KEY]" }, "body" : "{{#toJson}}ctx{{/toJson}}" } } } }

Acknowledging Alerts in X-Pack Alerting (Optional)

  • Set the integration to automatically acknowledge an alert in X-Pack Alerting, when the alert is acknowledged in Opsgenie.

  • In order to do this, select "Acknowledge Alerts in X-Pack Alerting" option in integration settings.

  • After enabling this option, two fields appear to be filled.

  • Fill "X-Pack AlertingAction ID" field with your Action ID.

  • Fill "X-Pack Alerting Host URL" field with the URL address.

  • Specify the full URL address as [protocol]://yourserveraddr:[port]. (e.g. http://yourserver.com:9200)

X-Pack alerting integration ack save

Sample Payload

JSON

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 { "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z", "vars": {}, "trigger": { "triggered_time": "2016-09-28T11:31:05.955Z", "scheduled_time": "2016-09-28T11:31:05.511Z" }, "execution_time": "2016-09-28T11:31:05.955Z", "watch_id": "event_critical_watch", "payload": { "hits": { "total": 1, "hits": [ { "_type": "event", "_source": { "eventDescription": "System has detected 3 failed login attempts", "eventId": 1, "eventName": "3 failed login attempts", "eventType": "LOG", "eventCategory": "CRITICAL" }, "_id": 1, "_index": "event", "_score": 0.30685282 } ], "max_score": 0.30685282 }, "_shards": { "total": 1, "failed": 0, "successful": 1 }, "timed_out": false, "took": 1 }, "metadata": "null" }

Sample Alert

X-Pack Alerting sample alert
Last modified on Feb 15, 2021
Cached at 8:53 PM on Apr 10, 2021 |

Additional Help

Ask the Community