Logz.io
Logz.io is a cloud-based, open-source observability platform that enables you to manage all your monitoring tools on one scalable system. Combined with xMatters, Logz.io collects and analyzes logs to help on-call resolvers reduce response time while troubleshooting issues.
This workflow lets you send actionable alerts to on-call resources when xMatters gets a signal from Logz.io. Responders can initiate an incident with the press of a button, or you can build on the flow to perform automated resolution tasks.
How it works
When an alert is generated in Logz.io, it sends a JSON-formatted webhook to xMatters, based on the user-defined alert rules. A Logz.io trigger in xMatters parses the webhook and initiates a flow. The webhook includes essential alert data you can use to enrich notifications to users or when building automated tasks.
Install the workflow
The following instructions describe how to install the workflow through the xMatters one-click installation process.
- Go to the Workflow Templates page and click the Logz.io tile.
- On the Set up the Workflow tab, give the workflow a name that identifies its purpose (this must be unique in your instance), add an optional description, and set the default incident type (if applicable). Any built-in Initiate Incident steps in the workflow will automatically be set to the selected incident type.
- You can edit these later, if needed.
- Click Next to set up the connection.
- Choose the authentication method. A trigger URL is generated based on the selected authentication method.
- Copy the trigger URL — you’ll use this to configure the webhook in Logz.io.
- The trigger URL includes the recipients parameter, which specifies who should be notified. By default, this parameter is set to notify you (the logged-in user), but you can set it to target any user or group you want.
- You can copy the Configuration Payload to configure the signal in the source application.
- Send a test signal to the trigger URL to test the connection.
- Click Open Workflow to go to the workflow and customize it, or click Close to close the installation window.
Configure Logz.io to send requests to the trigger URL
To have Logz.io send alerts to the flow trigger, you need to create a custom endpoint and set it to use the trigger URL.
First, create a new custom endpoint.
- In Logz.io, navigate to the Alerts & Events tab and select Notification endpoints.
- Click Add endpoint. The Add a new Notification Endpoint window opens.
- For the Type field, use the drop-down to select Custom.
- Enter a Name and optional Description.
- In the URL field, add the xMatters trigger URL.
- Add the target names of any recipients you want to notify when the alert fires to the end of the URL.
- For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
- For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.
- You must URL-encode any special characters or spaces in the target names.
- Set the Method to POST.
- If you use Basic Authentication, add your authentication information in the Headers section.
- Insert the following Configuration Payload you copied earlier into the available field:
{
  "account_name": "{{account_name}}",
  "alert_definition_id": "{{alert_definition_id}}",
  "alert_description": "{{alert_description}}",
  "alert_samples": "{{alert_samples}}",
  "alert_severity": "{{alert_severity}}",
  "alert_timeframe_end": "{{alert_timeframe_end}}",
  "alert_timeframe_start": "{{alert_timeframe_start}}",
  "alert_title": "{{alert_title}}"
}
Now you'll need to create a new alert to add the endpoint to Logz.io.
- Navigate to the Alerts & Events tab and select New alert.
- At the top of the window, give the new alert a name.
- Complete step 1 by configuring the query.
- In the Accounts to search section, select Just these accounts and use the drop-down to select xMatters.
- In step 2, set the Trigger conditions and severity. The severity you set here defines the incident severity in xMatters.
- In step 3, enter an optional description and tags.
- In the Who to send it to section, use the drop-down to select the custom endpoint you just created.
- Click Save.
You're ready to use the webhook to trigger automated flows, including steps such as sending alerts and initiating incidents, though we always recommend testing before putting things into use.
Set recipients in the trigger URL
The trigger expects the recipients in the trigger URL. When you copy the URL from xMatters, it includes the recipients parameter: recipients=<yourname>. Of course, you don’t want to receive all the alerts.
To change the recipients for alerts from this webhook, swap out your name for the people or groups you want to target. The character you use to attach the recipients parameter depends on the type of authentication you select in Flow Designer.
- For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
- For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.
Remember to URL-encode any special characters, including spaces, in your group names.
We recommend using groups so you can take advantage of the xMatters group features — rotations, escalations, and absences — to reach the right on-call people to jump on an issue.
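The rules above (ampersand or question mark, comma-separated targets, URL-encoded names) can be applied in one step with a small helper. This is an added example, not xMatters or Logz.io code; the host, the apiKey parameter and its value are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import parse_qsl, quote, unquote, urlsplit, urlunsplit


def set_recipients(trigger_url, recipients):
    """Return trigger_url with its recipients parameter set to the given targets."""
    names = [name.strip() for name in recipients]
    if not names or any(not name for name in names):
        raise ValueError("at least one non-empty recipient target name is required")
    parts = urlsplit(trigger_url)
    # Keep every existing query parameter except the default recipients=<yourname>.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != "recipients"]
    # Percent-encode each name on its own (spaces, '&', '=', ','); the commas that
    # separate the names stay literal, as in the examples above.
    value = ",".join(quote(name, safe="") for name in names)
    pairs = [f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in kept]
    pairs.append(f"recipients={value}")
    # urlunsplit writes '?' before the first parameter, so a URL that already has
    # a query string gets '&recipients=...' and a bare URL gets '?recipients=...'.
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       "&".join(pairs), parts.fragment))


def recipients_of(trigger_url):
    """Read the target names back out of a trigger URL, as a check before saving."""
    for pair in urlsplit(trigger_url).query.split("&"):
        key, _, raw = pair.partition("=")
        if key == "recipients":
            return [unquote(item) for item in raw.split(",")]
    return []


# Constructed sample URLs (assumption: with URL authentication the copied URL
# already carries a query string, shown here as a placeholder apiKey parameter).
URL_AUTH = "https://example.invalid/triggers?apiKey=EXAMPLE-KEY&recipients=yourname"
OTHER_AUTH = "https://example.invalid/triggers"

if __name__ == "__main__":
    print(set_recipients(URL_AUTH, ["epearson", "antares"]))
    print(set_recipients(OTHER_AUTH, ["bgull", "Cassiopeia Service"]))
```

Running recipients_of on the result before pasting it into the Logz.io endpoint confirms that a name containing a space or an ampersand did not split into extra parameters.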
How to use the workflow
When an alert you've set to use the custom endpoint fires, Logz.io sends a signal to xMatters, which creates an alert and notifies the individual or the on-call members of the groups you set as recipients in the webhook URL. When the trigger receives a signal saying the issue is resolved, it automatically terminates related alerts in xMatters.
The person responding to the notification has the following response options:
- Acknowledge: Acknowledges the notifications and stops escalations.
- Escalate: Immediately escalates the alert to the next on-call resolver in a targeted group.
- Close: Ends the xMatters alert and stops notifying all targeted recipients.
- Initiate Incident: Initiates an incident in xMatters.
Next Steps
Now that you've installed the workflow, you can use it as-is, or customize it to suit your needs better. Here are some examples of things you can add to the workflow to customize it:
- Use Slack, Zoom, and Microsoft Teams steps to add collaboration channels to the flow.
- Change the severity of incidents created when a recipient selects the Initiate Incident response.
- Update the message sent to resolvers to include the information most relevant to your team.
- Use the Logz.io Alerts trigger to build your own custom flows.