
External Alert Ingestion

The 3rd Party External Alert Ingestion feature enables users to seamlessly integrate external alerts from third-party sources into the Virtana platform. This feature enhances visibility and centralizes alert management, allowing users to monitor and respond to alerts from various sources within a single pane of glass.

To generate the bearer token, refer to the topic Get Bearer Token.

Adding Alerts

POST API: https://app.cloud.virtana.com/api/alerts/ingest

Example JSON Body for the API:

curl --location 'https://app.cloud.virtana.com/api/alerts/ingest' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJjMjlkMDYwYy0yN2ViLTQ4NWYtYWY2MS05MGJiNzRiMzQyMDMiLCJhdWQiOiJmY2VlMWMyYzgyY2Y0ZDdkOTdiNjI4Mjk5OTIxYWYyOCIsImV4cCI6MTcxMTUyODYzMSwibmJmIjoxNzExNTIxNDMxLCJpYXQiOjE3MTE1MjE0MzEsImp0aSI6IiIsImN1c3RvbTpvcmdfaWQiOiI1NDJkMzNjMC05Y2Q1LTQzZjYtOGNlMS1mZTU3YWRlYTMxNDAiLCJjdXN0b206b3JnX25hbWUiOiJWaXJ0YW5hIEdyZWVuIiwiY3VzdG9tOmNyZWRfb3JnX2lkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0.U60cb251pqBYHyaAMMuhvDf1hU9QzEkfbiOgLVE70-w' \
  --data-raw '[
    {
        "key": "z14b795e2-f01c-4c22-94ee-49eb3b01221",
        "entity_id": "3946759",
        "entity_name": "ESXi-HOST01",
        "entity_type": "NFS",
        "summary": "NFS Datastore NFS01 Unavailable - NFS datastore NFS01 is currently unavailable. VMs relying on this datastore may experience storage-related issues.",
        "application_id": "billgen-US-EAST-2",
        "application_region": "US-EAST-2",
        "sre_mailto": {
            "email_list": [
                "mail1@virtana.com",
                "mail2@virtana.com"
            ],
            "frequency": "High"
        },
        "status": "Open",
        "subtype": "Rule",
        "severity": "Critical"
    }
]'

Request Body Format:

The request body should be a JSON array containing objects with the following properties:

  • key: Unique identifier for the alert.

  • entity_id: Identifier of the entity associated with the alert.

  • entity_name: Name of the entity associated with the alert.

  • entity_type: Type of the entity associated with the alert.

  • summary: Brief summary of the alert.

  • application_id: Identifier of the application generating the alert.

  • application_region: Region where the application is hosted.

  • status: Current status of the alert (e.g., Open, Hold, Working, Resolved, Closed).

  • subtype: Subtype of the alert (e.g., Rule, Policy).

  • severity: Severity level of the alert (e.g., Critical, Warning).

  • field1_sm: Additional string values related to the alert (optional).


Default Values:

Certain fields may have default values assigned if not explicitly provided.

  1. entity_name: If not provided, it defaults to the value of entity_id.  

  2. severity: Defaults to "Unknown" if not specified.

  3. event_provider: Defaults to "Others" if not specified.

  4. event_provider_id: Defaults to "Others" if not specified.

  5. priority: Defaults to "Unknown" if not specified.

  6. status: Defaults to "Open" if not specified.

  7. substatus: Defaults to "New" if not specified.

  8. subtype: Defaults to "API" if not specified.

  9. created_on: Defaults to the current system time if not provided.

  10. updated_on: Defaults to the current system time if not provided.

  11. created_by: Defaults to "API" if not specified.

Minimal Mandatory Fields Required:

When adding alert data using the provided API, the following minimal mandatory fields are required:

  • Entity ID (Constants.ENTITY_ID): Identifier of the entity associated with the alert.

  • Entity Type (Constants.ENTITY_TYPE): Type of the entity associated with the alert.

  • Summary (Constants.SUMMARY): Brief summary or description of the alert.

These fields are essential for properly identifying and describing the alert within the system.
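The mandatory-field and default-value rules above can be checked on the client before a request is sent. The following Python is an added example, not Virtana code: the function names, the VIRTANA_BEARER_TOKEN environment variable and the ISO 8601 timestamp format are assumptions, and preview_defaults only mirrors the defaults this page says the platform assigns.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

INGEST_URL = "https://app.cloud.virtana.com/api/alerts/ingest"  # endpoint from this page
MANDATORY = ("entity_id", "entity_type", "summary")
# Defaults listed on this page; the platform assigns them, this is only a local preview.
DEFAULTS = {
    "severity": "Unknown", "event_provider": "Others", "event_provider_id": "Others",
    "priority": "Unknown", "status": "Open", "substatus": "New",
    "subtype": "API", "created_by": "API",
}

def validate(alerts):
    """Return a list of problems; an empty list means the body can be sent."""
    if not isinstance(alerts, list):
        return ["request body must be a JSON array of alert objects"]
    problems = []
    for i, alert in enumerate(alerts):
        if not isinstance(alert, dict):
            problems.append(f"alert[{i}]: not a JSON object")
            continue
        for field in MANDATORY:
            value = alert.get(field)
            if value is None or not str(value).strip():
                problems.append(f"alert[{i}]: missing mandatory field {field!r}")
    return problems

def preview_defaults(alert, now=None):
    """Show one alert with the documented defaults filled in."""
    # Assumption: timestamps as ISO 8601 UTC; the page does not state a format.
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    filled = {**DEFAULTS, "entity_name": alert["entity_id"],
              "created_on": stamp, "updated_on": stamp}
    filled.update(alert)  # explicitly provided values always win over defaults
    return filled

def build_request(alerts, token_env="VIRTANA_BEARER_TOKEN"):
    """Build (not send) the POST; the token is read from the environment, not the source."""
    problems = validate(alerts)
    if problems:
        raise ValueError("; ".join(problems))
    token = os.environ.get(token_env)
    if not token:
        raise RuntimeError(f"set {token_env} to a current bearer token")
    return urllib.request.Request(
        INGEST_URL, data=json.dumps(alerts).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})
```

Pass the returned object to urllib.request.urlopen to send it. Reading the token from the environment keeps it out of scripts, shell history and version control.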

Custom Properties:

Users can define custom properties as needed.


Alerts on UI:

  1. Sign in to Virtana Platform.

  2. Navigate to the Alerts section.

  3. Click the filter icon and choose "Source Type > Others".

  4. You'll be presented with a list of 3rd party external alert ingestions.

  5. In this list, you'll find details such as repeat count, first seen, and last seen. You can also acknowledge or add notes to the alerts.

  6. Click on any alert to be redirected to the Alert Overview page.

  7. From there, navigate to Properties.

  8. Here, you can view the details of the alert, including those ingested by the customer and unprocessed attributes.

Following these steps will guide users in utilizing the 3rd Party External Alert Ingestion feature effectively.