• Products
  • Get started
  • Documentation
  • Resources

Integrate Opsgenie with X-Pack (Elasticsearch Watcher)

Elastic logo

What does Opsgenie offer X-Pack Alerting users?

Use Opsgenie’s X-Pack Alerting Integration to forward X-Pack Alerting alerts to Opsgenie. Opsgenie acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed.

Functionality of the integration

  • When an alert is fired by X-Pack Alerting, an alert is created in Opsgenie automatically through the integration.

  • When the alert is acknowledged in Opsgenie, the alert is acknowledged in X-Pack Alerting.

Add X-Pack Alerting Integration in Opsgenie

You can add this integration from your team dashboard

If you're using Opsgenie's Free or Essentials plan, or if you’re using Opsgenie with Jira Service Management's Standard plan, you can only add this integration from your team dashboard as the Integrations page under Settings is not available in your plan.

Adding the integration from your team dashboard will make your team the owner of the integration. This means Opsgenie will assign the alerts received through this integration to your team only.

To do that,

  1. Go to your team’s dashboard from Teams,

  2. Select Integrations, and select Add integration.

Follow the rest of the steps to complete the integration.

  1. Go to Settings > Integrations. Search for X-Pack Alerting and select Add.

  2. Specify who is notified for X-Pack Alerting alerts using the Responders field. Auto-complete suggestions are provided as you type.

  3. Copy the code in "Configuration in X-Pack Alerting" section of this document.

  4. Select Save Integration.

Configuration in X-Pack Alerting

  1. Paste the code below in Elasticsearch.

  2. Configure alert settings in X-Pack Alerting.

  3. For more information about X-Pack Alerting, refer to X-Pack Alerting Documentation.

  4. Replace "[YOUR API KEY]" with the API Key of the integration.

JSON

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 PUT _watcher/watch/[WATCH ID] { [OTHER CONFIGURATIONS OF YOUR X-PACK ALERTING ALERT] . . . . . "actions" : { "opsgenie" : { "webhook" : { "scheme" : "https", "method" : "POST", "host" : "api.opsgenie.com", "port" : 443, "path" : "/v1/json/eswatcher", "headers" : { "Content-Type" : "application/json" }, "params": { "apiKey": "[YOUR API KEY]" }, "body" : "{{#toJson}}ctx{{/toJson}}" } } } }

Acknowledging Alerts in X-Pack Alerting (Optional)

  • Set the integration to automatically acknowledge an alert in X-Pack Alerting, when the alert is acknowledged in Opsgenie.

  • In order to do this, select "Acknowledge Alerts in X-Pack Alerting" option in integration settings.

  • After enabling this option, two fields appear to be filled.

  • Fill "X-Pack AlertingAction ID" field with your Action ID.

  • Fill "X-Pack Alerting Host URL" field with the URL address.

  • Specify the full URL address as [protocol]://yourserveraddr:[port]. (e.g. http://yourserver.com:9200)

X-Pack alerting integration ack save

Sample Payload

JSON

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 { "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z", "vars": {}, "trigger": { "triggered_time": "2016-09-28T11:31:05.955Z", "scheduled_time": "2016-09-28T11:31:05.511Z" }, "execution_time": "2016-09-28T11:31:05.955Z", "watch_id": "event_critical_watch", "payload": { "hits": { "total": 1, "hits": [ { "_type": "event", "_source": { "eventDescription": "System has detected 3 failed login attempts", "eventId": 1, "eventName": "3 failed login attempts", "eventType": "LOG", "eventCategory": "CRITICAL" }, "_id": 1, "_index": "event", "_score": 0.30685282 } ], "max_score": 0.30685282 }, "_shards": { "total": 1, "failed": 0, "successful": 1 }, "timed_out": false, "took": 1 }, "metadata": "null" }

Additional Help