
Integrate Opsgenie with X-Pack (Elasticsearch Watcher)


What does Opsgenie offer X-Pack Alerting users?

Use Opsgenie’s X-Pack Alerting Integration to forward X-Pack Alerting alerts to Opsgenie. Opsgenie acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules. It notifies them via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until they are acknowledged or closed.

Functionality of the integration

  • When an alert is fired by X-Pack Alerting, an alert is created in Opsgenie automatically through the integration.

  • When the alert is acknowledged in Opsgenie, the alert is acknowledged in X-Pack Alerting.

Add X-Pack Alerting Integration in Opsgenie

  1. Log in to your Opsgenie account. Go to Settings → Integrations → X-Pack Alerting.

Under the Free and Essentials plans, the tabs under the Team dashboard are limited to Main, Integrations, Members, and Activity Stream.

2. Specify who is notified for X-Pack Alerting alerts using the Responders field. Auto-complete suggestions are provided as you type.

Did you know that you can also add this integration from your team dashboard? 

If you want your team to be the owner of this integration, add it from your team dashboard. Opsgenie will assign the alerts received through this integration to your team only.

To do that:

  1. Go to Teams,

  2. Find your team and select it to go to your team dashboard,

  3. From your team navigation, select Integrations,

  4. Select Add integration.

3. Copy the code in the "Configuration in X-Pack Alerting" section of this document.

4. Click Save Integration.


Configuration in X-Pack Alerting

  1. Paste the code below in Elasticsearch.

  2. Configure alert settings in X-Pack Alerting.

  3. For more information about X-Pack Alerting, refer to X-Pack Alerting Documentation.

  4. Replace "[YOUR API KEY]" with the API Key of the integration.

JSON

    PUT _watcher/watch/[WATCH ID]
    {
      [OTHER CONFIGURATIONS OF YOUR X-PACK ALERTING ALERT]
      .
      .
      .
      .
      .
      "actions" : {
        "opsgenie" : {
          "webhook" : {
            "scheme" : "https",
            "method" : "POST",
            "host" : "api.opsgenie.com",
            "port" : 443,
            "path" : "/v1/json/eswatcher",
            "headers" : {
              "Content-Type" : "application/json"
            },
            "params": {
              "apiKey": "[YOUR API KEY]"
            },
            "body" : "{{#toJson}}ctx{{/toJson}}"
          }
        }
      }
    }
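A pre-deployment check for the action above, as an added example (not Opsgenie's or Elastic's code): it compares a watch body against the values shown on this page, flags an API key that is missing or still the placeholder, and masks the key before the watch is logged or committed. The function names and the sample key are assumptions made for the example.

```python
import copy

# Values taken from the watch action shown on this page.
EXPECTED = {
    "scheme": "https",  # the API key is sent as a request parameter; keep TLS on
    "method": "POST",
    "host": "api.opsgenie.com",
    "port": 443,
    "path": "/v1/json/eswatcher",
    "body": "{{#toJson}}ctx{{/toJson}}",
}
PLACEHOLDER = "[YOUR API KEY]"

def lint_opsgenie_action(watch, action_name="opsgenie"):
    """Return a list of findings for the Opsgenie webhook action of a watch body."""
    webhook = watch.get("actions", {}).get(action_name, {}).get("webhook")
    if not isinstance(webhook, dict):
        return [f"no webhook action named {action_name!r}"]
    findings = []
    for field, want in EXPECTED.items():
        got = webhook.get(field)
        if got != want:
            findings.append(f"{field}: expected {want!r}, found {got!r}")
    key = (webhook.get("params") or {}).get("apiKey", "")
    if not key or key == PLACEHOLDER:
        findings.append("params.apiKey: missing or still the placeholder")
    return findings

def redact_api_key(watch, action_name="opsgenie"):
    """Return a deep copy that is safe to log or commit: the API key is masked."""
    safe = copy.deepcopy(watch)
    params = safe.get("actions", {}).get(action_name, {}).get("webhook", {}).get("params")
    if isinstance(params, dict) and "apiKey" in params:
        params["apiKey"] = "***redacted***"
    return safe

# Constructed sample inputs (the key is a made-up value, not a real one).
GOOD = {"actions": {"opsgenie": {"webhook": dict(
    EXPECTED, headers={"Content-Type": "application/json"},
    params={"apiKey": "00000000-constructed-key"})}}}
BAD = copy.deepcopy(GOOD)
BAD["actions"]["opsgenie"]["webhook"].update(scheme="http", port=80)
BAD["actions"]["opsgenie"]["webhook"]["params"]["apiKey"] = PLACEHOLDER

if __name__ == "__main__":
    print("good watch:", lint_opsgenie_action(GOOD))
    for finding in lint_opsgenie_action(BAD):
        print("bad watch:", finding)
```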

Acknowledging Alerts in X-Pack Alerting (Optional)

  • Set the integration to automatically acknowledge an alert in X-Pack Alerting when the alert is acknowledged in Opsgenie.

  • To do this, select the "Acknowledge Alerts in X-Pack Alerting" option in the integration settings.

  • After enabling this option, two fields appear that must be filled in.

  • Fill the "X-Pack Alerting Action ID" field with your Action ID.

  • Fill the "X-Pack Alerting Host URL" field with the URL address.

  • Specify the full URL address as [protocol]://yourserveraddr:[port]. (e.g. http://yourserver.com:9200)


Sample Payload

JSON

    {
      "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z",
      "vars": {},
      "trigger": {
        "triggered_time": "2016-09-28T11:31:05.955Z",
        "scheduled_time": "2016-09-28T11:31:05.511Z"
      },
      "execution_time": "2016-09-28T11:31:05.955Z",
      "watch_id": "event_critical_watch",
      "payload": {
        "hits": {
          "total": 1,
          "hits": [
            {
              "_type": "event",
              "_source": {
                "eventDescription": "System has detected 3 failed login attempts",
                "eventId": 1,
                "eventName": "3 failed login attempts",
                "eventType": "LOG",
                "eventCategory": "CRITICAL"
              },
              "_id": 1,
              "_index": "event",
              "_score": 0.30685282
            }
          ],
          "max_score": 0.30685282
        },
        "_shards": {
          "total": 1,
          "failed": 0,
          "successful": 1
        },
        "timed_out": false,
        "took": 1
      },
      "metadata": "null"
    }

Sample Alert

Last modified on Jun 18, 2021