• Products
  • Get started
  • Documentation
  • Resources

Integrate Opsgenie with X-Pack (Elasticsearch Watcher)

Elastic logo

Overview

What does the integration offer?

Use the X-Pack Alerting Integration to forward X-Pack Alerting alerts to Opsgenie. Opsgenie acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until they are acknowledged or closed.

How does the integration work?

When an alert is fired by X-Pack Alerting, an alert is created in Opsgenie automatically through the integration. When the alert is acknowledged in Opsgenie, the alert is acknowledged in X-Pack Alerting.

Set up the integration

X-Pack Alerting is a bidirectional integration. Setting it up involves the following steps:

  • Add an X-Pack Alerting integration in Opsgenie

  • Configure the integration in X-Pack Alerting

Add an X-Pack Alerting integration

If you're using Opsgenie's Free or Essentials plan or if you’re using Opsgenie with Jira Service Management's Standard plan, you can add this integration from your team dashboard only. The Integrations page under Settings is not available in your plan.

  1. Go to Teams and select your team.

  2. Select Integrations on the left navigation and then select Add integration.

Adding the integration from your team dashboard will make your team the owner of the integration. This means Opsgenie will assign the alerts received through this integration to your team only. Follow the rest of the steps in this section to set up the integration.

To add an X-Pack Alerting integration in Opsgenie:

  1. Go to Settings > Integrations.

  2. Select Add integration.

  3. Run a search and select “X-Pack Alerting”.

  4. On the next screen, enter a name for the integration.

  5. Optional: Select a team in Assignee team if you want a specific team to receive alerts from the integration.

  6. Select Continue.
    The integration is saved at this point.

  7. Expand the Steps to configure the integration section and copy the API key.
    You will use this key while configuring the integration in X-Pack Alerting later.

  8. Copy the code provided in the "Configure the integration in X-Pack Alerting" section of this article.
    You will use this code while configuring the integration in X-Pack Alerting later.

  9. Select Turn on integration.
    The rules you create for the integration will work only if you turn on the integration.

Configure the integration in X-Pack Alerting

  1. Paste the code you copied while adding the integration in Opsgenie in Elasticsearch.

  2. Configure alert settings in X-Pack Alerting.
    For more information about X-Pack Alerting, refer to X-Pack Alerting Documentation.

  3. Paste the API key you copied while adding the integration in Opsgenie into [YOUR API KEY].

Other configuration of your X-Pack Alerting

(in JSON format)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 PUT _watcher/watch/[WATCH ID] { [OTHER CONFIGURATIONS OF YOUR X-PACK ALERTING ALERT] . . . . . "actions" : { "opsgenie" : { "webhook" : { "scheme" : "https", "method" : "POST", "host" : "api.opsgenie.com", "port" : 443, "path" : "/v1/json/eswatcher", "headers" : { "Content-Type" : "application/json" }, "params": { "apiKey": "[YOUR API KEY]" }, "body" : "{{#toJson}}ctx{{/toJson}}" } } } }

Acknowledge alerts in X-Pack Alerting

Set the integration to automatically acknowledge an alert in X-Pack Alerting when the alert is acknowledged in Opsgenie.

  1. Select the Acknowledge alerts in X-Pack Alerting checkbox in the Outgoing section of the integration configuration page.

  2. Edit the integration settings and select Authenticate with an X-Pack Alerting account. Set the following values:

    1. Enter the action ID into X-Pack Alerting Action Id.

    2. Enter your X-Pack Alerting host URL into X-Pack Alerting Host URL. Specify the full URL address as [protocol]://yourserveraddr:[port]. For example: http://yourserver.com:9200

  3. Select Save.

Sample payload

(in JSON format)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 { "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z", "vars": {}, "trigger": { "triggered_time": "2016-09-28T11:31:05.955Z", "scheduled_time": "2016-09-28T11:31:05.511Z" }, "execution_time": "2016-09-28T11:31:05.955Z", "watch_id": "event_critical_watch", "payload": { "hits": { "total": 1, "hits": [ { "_type": "event", "_source": { "eventDescription": "System has detected 3 failed login attempts", "eventId": 1, "eventName": "3 failed login attempts", "eventType": "LOG", "eventCategory": "CRITICAL" }, "_id": 1, "_index": "event", "_score": 0.30685282 } ], "max_score": 0.30685282 }, "_shards": { "total": 1, "failed": 0, "successful": 1 }, "timed_out": false, "took": 1 }, "metadata": "null" }

Additional Help