Elastic

Elastic is a data visualization, analysis, and observability platform that helps monitor your system data in real time. This workflow lets you send actionable alerts to on-call resources when xMatters gets a signal from Elastic through the xMatters connector in Elastic. Responders can initiate an incident with the press of a button, or you can build on the flow to perform automated resolution tasks.

How it works

When an alert is generated in Elastic, it sends a JSON-formatted webhook to xMatters based on user-defined alert rules. An Elastic Alerts trigger in xMatters parses the webhook and initiates a flow. The webhook includes essential alert data you can use to enrich notifications to users or when building automated tasks.

Install the workflow

The following instructions describe how to install the workflow through the xMatters one-click installation process.

  1. Go to the Workflow Templates page and click the Elastic tile.
  2. On the Set up the Workflow tab, give the workflow a name (this must be unique in your instance) and add an optional description.
    • You can edit these later, if needed.

  3. Click Next to set up the connection.
  4. Choose the authentication method you want to use to generate the trigger URL..
  5. Click Next.
  6. Copy the trigger URL — you’ll use this to configure the webhooks in Elastic.
    • The trigger URL includes the recipients parameter, which specifies who should be notified. By default, this parameter is set to notify you (the logged in user), but you can set it to target any user or group you want.

  7. Click Open Workflow.

Configure Elastic to send requests to the trigger URL

To have Elastic send alerts to the flow trigger, configure the xMatters connector with the trigger URL.

  1. In Elastic, select the project you want to connect to xMatters.
  2. Under Kibana, select Stack Management.
  3. Click Alerts and Actions, then select Connectors from the left-hand menu.
  4. Select xMatters from the list of available connectors.
  5. On the xMatters connector window, give the connector a unique name.

  6. Select whether to use Basic or URL Authentication.
    • For Basic Authentication: 
      • Initiation URL: paste the trigger URL you copied from the Elastic Alerts (Connector) trigger in Flow Designer into the Initiation URL field.
        • Add the target names of any recipients you want to notify when the alert fires. For example, if you want to notify Emma Pearson, Mary McBride, and the on-call members in the Monitor Team responsible for the service, you'd add ?recipients=epearson,mmcbride,monitor%20team to the URL. You must URL-encode any special characters or spaces in the target names.
      • Enter the Username and Password for the authenticating user.
    • For URL Authentication: 
      • Initiation URL: paste the xMatters trigger URL you copied from the Elastic Alerts (Connector) trigger in Flow Designer.
      • Add the target names of any recipients you want to notify when the alert fires. For example, if you want to notify Emma Pearson, Mary McBride, and the on-call members in the Monitor Team responsible for the service, you'd add ?recipients=epearson,mmcbride,monitor%20team to the URL. You must URL-encode any special characters or spaces in the target names.
  7. Click Save, or Save & test to test the connector.

If you click Save & test, the Edit connector window opens, and you can set parameters for your test.

  1. Expand the Severity drop-down menu to select a severity level.
  2. Add any optional tags.
  3. Click Run to run the test.

    The connector sends the test request to xMatters and the results of the test are displayed in the Results section of the window.

  4. Click Save & close.

You're ready to use the connector to trigger automated flows, including steps such as sending alerts and initiating incidents, though we always recommend testing before putting things into use.

Set recipients in the trigger URL

The trigger expects the recipients in the trigger URL. When you copy the URL from xMatters, it includes the recipients parameter: recipients=<yourname>. Of course, you don’t want to receive all the alerts.

To change the recipients for alerts from this webhook, swap out your name for the people or groups you want to target. For example, to target the 'DatabaseTeam', 'Antares Service Team', and 'HR & Marketing' groups, add recipients=databaseteam,antares%20service%20team,HR%20%26%20Marketing to the trigger URL. Remember to URL-encode any special characters, including spaces, in your group names.

We recommend using groups so you can take advantage of the xMatters group features — rotations, escalations, and absences — to reach the right on-call people to jump on an issue.

How to use the workflow

When a condition you've set fires, it sends a signal to xMatters, which creates an alert and notifies the individual or the on-call members of the people or groups you set as recipients in the webhook URL. When the trigger receives a signal saying the issue is resolved, it automatically terminates related alerts in xMatters.

Next Steps

Now that you've installed the workflow, you can use it as-is, or customize it to suit your needs better. Here are some examples of things you can add to the workflow to customize it:

Previous version

While the Elastic workflow that relies on a generic webhook is no longer available, the configuration instructions for generic webhooks are included below for anyone who has it installed in their system already.