Destinations are the data outputs to Applied Intelligence, where you can view your automatically correlated incidents. You can configure Incident Intelligence destinations to send data to PagerDuty or webhooks. This document gives examples of destination templates, webhook formats, and JSON schema.
Destination template examples
The following template example destinations are formatted in Jinja2.
- Suggested VictorOps template example
-
{ "monitoring_tool": {{ sources }}, {% if state == 'closed' %} "message_type": "OK", {% else %} "message_type": {{ priority }}, {% endif %} "custom_fields": { "issue_url": {{ url }}, "description": {{ description }}, "state": {{ state }}, "is_correlated": {{ is_correlated }}, "created_on": {{ created_on }}, "modified_on": {{ modified_on }}, "activated_on": {{ active_since }}, "closed_on": {% if closed_on is defined %} {{ closed_on }} {% else %} None {% endif %}, "related_incidents": [ {% for incident in incidents %} { "id": {{ incident.id }}, "events_count": {{ incident.events_count }}, "labels": {{ incident.labels }}, "title": {{ incident.title }}, "description": {{ incident.description }}, "state": {{ incident.state }}, "sources": {{ incident.sources }}, "modified_on": {{ incident.modified_on }}, "opened_on": {{ incident.opened_on }}, "closed_on": {{ incident.closed_on }} } {% if not loop.last %},{% endif %} {% endfor %} ] }, "state_message": {{ description }}, "entity_id": {{ id }}, "entity_display_name": {{ ui_name }}, "vo_annotate.u.NRAI_Link": {{ url }} } - Suggested OpsGenie template example
-
{ "alias": {{ id }}, "message": {{ ui_name }}, "source": '{{ sources }}', "priority": {{ priority }}, "details": { "self_url": {{ url }}, "state": {{ state }}, "is_correlated": {{ is_correlated }}, "created_on": {{ created_on }}, "modified_on": {{ modified_on }}, "activated_on": {{ active_since }}, "closed_on": {% if closed_on is defined %} {{ closed_on }} {% else %} None {% endif %}, "is_correlated": {{ is_correlated }} }, "description": 'Incidents [ {% for incident in incidents %} { "id": {{ incident.id }}, "events_count": {{ incident.events_count }}, "labels": {{ incident.labels }}, "title": {{ incident.title }}, "description": {{ incident.description }}, "state": {{ incident.state }}, "sources": {{ incident.sources }}, "modified_on": {{ incident.modified_on }}, "opened_on": {{ incident.opened_on }}, "closed_on": {{ incident.closed_on }} } {% if not loop.last %},{% endif %}{% endfor %} ]' } - Suggested ServiceNow template example
-
{ "short_description": {{ ui_name }}, "description": 'Issue Id: {{ id }}, Description: {{ description }}, Sources: {{ sources }}, Priority: {{ priority }}, Details: { self_url: {{ url }}, state: {{ state }}, is_correlated: {{ is_correlated }}, created_on: {{ created_on }}, modified_on: {{ modified_on }}, activated_on: {{ active_since }}, closed_on: {% if closed_on is defined %} {{ closed_on }} {% else %} None {% endif %}, is_correlated: {{is_correlated}} }, incidents: {{ incidents }}, pathways: {{ pathways }}' }
Webhook and JSON format examples
Applied Intelligence will send the event body in JSON format via HTTPS POST. The system expects the endpoint to return a successful HTTP code (2xx). If you use webhooks to configure Incident Intelligence destinations, use these examples of the webhook body format and JSON schema.
- Webhook format and JSON example
-
Webhook format:
Name Description urlHref
A link to the UI where the issue can be seen.
idString
Unique identifier for the issue.
titleString
The issue title. descriptionString
The description of the issue. priorityEnum
The issue priority. Can be Critical, High, Medium, or Low. stateEnum
The issue status. Can be Active, Closed, or Acknowledged. is_correlatedBoolean
True if the issue is based on correlated data. created_onString
The date and time the issue was created (in ISO format). modified_onString
The date and time the issue was modified (in ISO format). activated_onString
The date and time the issue was activated (in ISO format). closed_onString
The date and time the issue was closed (in ISO format). sourcesList(String)
List of the different sources that were used to send the events into Applied Intelligence (for example: PagerDuty).
pathwaysList(Pathways)
List of pathways that are associated with the issue. Each pathway contains an id and name:
[{“id”: “pathway id”, “name”: “pathway name”}].pathways[].idString
The pathway ID. pathways[].nameString
The pathway name. incidentsList(Incident)
List of incidents that are attached to the issue. The list contains only the latest 100 incidents.
incidents[].idString
The incident ID. incidents[].events_countInteger
The number of events used to create the incident.
incidents[].titleString
The incident title. incidents[].descriptionString
The incident description. incidents[].labelsDictionary (String)
A string to string mapping of the incident labels. Labels represent the unique entities that are used to describe the incident.
incidents[].priorityEnum
The incident priority. Can be Critical, High, Medium, or Low. incidents[].sourcesList(String)
The incident source. incidents[].stateEnum(open, closed)
The incident state. incidents[].opened_onString
The date and time the incident was opened (in ISO format). incidents[].closed_onString
The date and time the incident was closed (in ISO format). incidents[].modified_onString
The date and time the incident was modified (in ISO format). - JSON schema example
-
Applied Intelligence will send the event body in JSON format via HTTPS POST. The system expects the endpoint to return a successful HTTP code (
2xx).JSON schema:
{ "$schema": "http://json-schema.org/draft-04/schema#", "definitions": { "Labels": { "type": "object", "properties": {}, "additionalProperties": { "type": "string", "maxLength": 10000 } }, "LabelsSet": { "type": "array", "properties": {}, "additionalProperties": { "type": "array", "items": { "$ref": "#/definitions/Labels" }, "uniqueItems": true }, }, "Annotations": { "type": "object", "title": "Additional contextual information about the Entity", "description": "Fields like title, description and priority can be described as annotations since\nthey represent some additional information about the Incident.\nFor example, the rule that creates the entity can have some logic that will create a title annotation field.\nThe title will change according to the latest event received by the entity and as more\nevent will keep coming the field may change, all this as a decision by the rule.\nA different rule may decide not to populate the title at all.\nSince a title can also be produced from the labels themselves.", "properties": { "title": { "type": "string", "maxLength": 10000 }, "description": { "type": "string", "maxLength": 10000 } }, "patternProperties": { ".*": { "type": "string", "maxLength": 10000 } }, "additionalProperties": { "type": "string", "maxLength": 10000 } }, "Accumulations": { "type": "object", "title": "Accumulated data about the Incident", "description": "For example an entity with the label: host_name: foo will include a accumulated list of the\nrelevant process names that are relevant to the entity. Accumulations will be derived from the events", "properties": {}, "additionalProperties": { "type": "array", "items": { "type": "string", "maxLength": 10000 } } }, "IssueState": { "type": "string", "enum": [ "created", "active", "acknowledged", "closed" ], "properties": {}, "additionalProperties": false }, "Priority": { "type": "string", "enum": [ "critical", "high", "medium", "low" ], "properties": {}, "additionalProperties": false }, "IssueClosingReason": { "type": "string", "enum": [ "nacked", "resolved", "system" ], "properties": {}, "additionalProperties": false }, "IssueAction": { "type": "string", "enum": [ "ack", "snooze", "nack", "end_snooze", "expire_snooze", "star", "un_snooze", "unstar", "archive", "unarchive", "resolve", "reopen", "open", "feedback", "feedback_file", "open_ticket", "merge_issues", "active", "create", "close", "incident_updated", "confidence_changed", "diagnoses_changed", "rule_properties_changed", "flapping", "notification", "incident_events_limit_reached", "follow", "unfollow", "priority_updated", "comment", "incident_appended", "diagnosis_feedback", "flapping_delay_close" ], "properties": {}, "additionalProperties": false }, "StringKeyValue": { "type": "object", "properties": {}, "additionalProperties": { "type": "string" } }, "JavaOptionalUuid": { "type": "string", "properties": {}, "additionalProperties": false, "format": "string-uuid" } }, "type": "object", "properties": { "id": { "type": "string", "format": "string-uuid" }, "customer_id": { "type": "integer" }, "labels_set": { "$ref": "#/definitions/LabelsSet" }, "annotations": { "$ref": "#/definitions/Annotations" }, "user_annotations": { "$ref": "#/definitions/Annotations" }, "user_annotations_version": { "type": "integer" }, "accumulations": { "$ref": "#/definitions/Accumulations" }, "state": { "$ref": "#/definitions/IssueState" }, "previous_state": { "$ref": "#/definitions/IssueState" }, "priority": { "$ref": "#/definitions/Priority" }, "closing_reason": { "oneOf": [ { "$ref": "#/definitions/IssueClosingReason" }, { "type": "null" } ] }, "modified_on": { "type": "integer" }, "created_on": { "type": "integer" }, "closed_on": { "oneOf": [ { "type": "integer" }, { "type": "null" } ] }, "acknowledged_on": { "oneOf": [ { "type": "integer" }, { "type": "null" } ] }, "active_since": { "oneOf": [ { "type": "integer" }, { "type": "null" } ] }, "assigned_to": { "oneOf": [ { "type": "array", "items": { "type": "string", "minLength": 1 }, "uniqueItems": true }, { "type": "null" } ] }, "created_by": { "oneOf": [ { "type": "array", "items": { "type": "string", "minLength": 1 }, "uniqueItems": true }, { "type": "null" } ] }, "progress_report": { "type": "array", "default": [], "items": { "type": "object", "properties": { "origin_id": { "oneOf": [ { "type": "string", "minLength": 1 }, { "type": "null" } ] }, "timestamp": { "type": "integer" }, "action_timestamp": { "oneOf": [ { "type": "integer" }, { "type": "null" } ] }, "origin_type": { "type": "string", "enum": [ "user", "system" ] }, "event_type": { "$ref": "#/definitions/IssueAction" }, "issue_id": { "oneOf": [ { "type": "string", "minLength": 1, "format": "string-uuid" }, { "type": "null" } ] }, "attributes": { "oneOf": [ { "$ref": "#/definitions/StringKeyValue" }, { "type": "null" } ] }, "team_id": { "$ref": "#/definitions/JavaOptionalUuid" } }, "required": [ "timestamp", "origin_type", "event_type" ], "additionalProperties": false }, "uniqueItems": true }, "rule_id": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 255 }, { "type": "null" } ] }, "incident_ids": { "oneOf": [ { "type": "array", "items": { "type": "string", "format": "string-uuid" }, "uniqueItems": true }, { "type": "null" } ] }, "confidence": { "type": "number", "default": 1.0, "minimum": 0.0, "maximum": 1.0 } }, "required": [ "id", "customer_id", "labels_set", "annotations", "priority", "modified_on", "created_on", "confidence" ], "additionalProperties": true } - Jinja2 Default Payload
-
Applied Intelligence uses a templating framework called Jinja2 in the Webhook interface.
Here is a default Jinja2 payload to use:
{ "id": {{ id }}, "url": {{ url }}, "ui_name": {{ ui_name }}, "description": {{ description }}, "priority": {{ priority }}, "state": {{ state }}, "is_correlated": {{ is_correlated }}, "created_on": {{ created_on }}, "modified_on": {{ modified_on }}, "active_since": {{ active_since }}, "closed_on": {% if closed_on is defined %} {{ closed_on }} {% else %} None {% endif %}, "sources": {{ sources }}, "incidents": {{ incidents }}, "pathways": {{ pathways }}, }