SolarWinds Papertrail

SolarWinds Papertrail delivers cloud-hosted log management for faster troubleshooting of infrastructure and application issues. Combined with xMatters, this integration with relays critical insight data to the correct people and systems to help them coordinate and resolve incidents faster.

This workflow lets you send actionable alerts to on-call resources when xMatters gets a signal from Papertrail. Responders can initiate an incident with the press of a button, or you can build on the flow to perform automated resolution tasks.

How it works

When an alert is generated in Papertrail, it sends a JSON-formatted webhook to xMatters, based on user-defined alert rules. A Papertrail Alert trigger in xMatters parses the webhook and initiates a flow. The webhook includes essential alert data you can use to enrich notifications to users or when building automated tasks.

Install the workflow

The following instructions describe how to install the workflow through the xMatters one-click installation process.

  1. Go to the Workflow Templates page and click the SolarWinds Papertrail tile.
  2. On the Set up the Workflow tab, give the workflow a name that identifies its purpose (this must be unique in your instance), add an optional description, and set the default incident type (if applicable). Any built-in Initiate Incident steps in the workflow will automatically be set to the selected incident type.
    • You can edit these later, if needed.

  3. Click Next to set up the connection.
  4. Copy the trigger URL — you’ll use this to configure the webhook in SolarWinds Papertrail.
    • The trigger URL includes the recipients parameter, which specifies who should be notified. By default, this parameter is set to notify you (the logged in user), but you can set it to target any user or group you want.

  5. Send a test signal to the trigger URL to test the connection.
  6. Click Open Workflow to view and customize the workflow, or Close to return to the Workflows page.

Configure Papertrail to send requests to the trigger URL

To have Papertrail send an alert to xMatters, you must first have at least one saved search in Papertrail.

You can create a new saved search or use an existing saved search:

  • To save a new Papertrail search:
    • Go to Events and search for the logs you want Papertrail to alert on. Refine the returned matches, then click Save Search.
    • On the Save Search window, give the search a unique name, then click Save & Setup an Alert.
  • To set up an alert on an existing Papertrail search:
    • On the Dashboard, click the pencil icon on the saved search and select New Alert.

Now that we have a search to alert on, let's set up the alert.

  1. On the Choose a Service page, select Webhook.

  2. On the Create Alert screen, configure the alert conditions.
  3. In the Webhook Details section, paste the trigger URL you copied from Flow Designer.
  4. Add the target names of any recipients you want to notify when the alert fires to the end of the URL.
    • For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
    • For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.
    • You must URL-encode any special characters or spaces in the target names.

  5. To receive a smaller payload from Papertrail, select Send only counts.
  6. Click Create Alert.

You're ready to use the webhook to trigger automated flows, including steps such as sending alerts and initiating incidents, though we always recommend testing before putting things into use.

Set recipients in the trigger URL

The trigger expects the recipients in the trigger URL. When you copy the URL from xMatters, it includes the recipients parameter: recipients=<yourname>. Of course, you don’t want to receive all the alerts.

To change the recipients for alerts from this webhook, swap out your name for the people or groups you want to target.

  • For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
  • For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.

Remember to URL-encode any special characters, including spaces, in your group names.

We recommend using groups so you can take advantage of the xMatters group features — rotations, escalations, and absences — to reach the right on-call people to jump on an issue.

How to use the workflow

When a condition you've set fires, it sends a signal to xMatters, which creates an alert and notifies the individual or the on-call members of the people or groups you set as recipients in the webhook URL. When the trigger receives a signal saying the issue is resolved, it automatically terminates related alerts in xMatters.

The person responding to the notification has the following response options:

  • Acknowledge: Acknowledges the notifications and stops escalations.
  • Escalate: Immediately escalates the alert to the next on-call resolver in a targeted group.
  • Close: Ends the xMatters alert and stops notifying all targeted recipients.
  • Initiate Incident: Initiates an incident in xMatters.

Next Steps

Now that you've installed the workflow, you can use it as-is, or customize it to suit your needs better. Here are some examples of things you can add to the workflow to customize it: