External Alert Ingestion

The 3rd Party External Alert Ingestion feature enables users to seamlessly integrate external alerts from third-party sources into the Virtana platform. This feature enhances visibility and centralizes alert management, allowing users to monitor and respond to alerts from various sources within a single pane of glass.

Get Bearer Token

To access the API, users must authenticate using a bearer token. The bearer token serves as a form of authorization, granting access to protected resources. Follow these steps to generate a bearer token:

  • Open the Authentication Endpoint URL: Access the authentication endpoint URL in a web browser or a tool like Postman.

    URL:

    <Virtana URL>/authentication/oauth/token?client_id=<client_id>&client_secret=<client_secret>&grant_type=client_credentials

    Example Virtana URL: https://app.cloud.virtana.com

    To get the client_id and client_secret, refer to Generate OAuth Credentials.

  • Provide Authentication Credentials: Enter the required authentication credentials, which may include a username and password or client ID and client secret.

  • Submit the Authentication Request: Send the authentication request to the API server.

  • Receive the Bearer Token: Upon successful authentication, the API server will issue a bearer token.

  • Copy or Note the Bearer Token: Copy the bearer token from the response or securely note it down.

  • Use the Bearer Token in Subsequent Requests: Utilize the bearer token in the Authorization header of subsequent API requests, prefixing it with 'Bearer' (e.g., 'Authorization: Bearer [token]'). This token grants access to the API's protected endpoints and resources.

Adding Alerts

POST API: https://app.cloud.virtana.com/api/alerts/ingest

Example request (curl) with JSON body:

    curl --location 'https://app.cloud.virtana.com/api/alerts/ingest' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Bearer <bearer_token>' \
      --data-raw '[
        {
          "key": "z14b795e2-f01c-4c22-94ee-49eb3b01221",
          "entity_id": "3946759",
          "entity_name": "ESXi-HOST01",
          "entity_type": "NFS",
          "summary": "NFS Datastore NFS01 Unavailable - NFS datastore NFS01 is currently unavailable. VMs relying on this datastore may experience storage-related issues.",
          "application_id": "billgen-US-EAST-2",
          "application_region": "US-EAST-2",
          "sre_mailto": {
            "email_list": [
              "mail1@virtana.com",
              "mail2@virtana.com"
            ],
            "frequency": "High"
          },
          "status": "Open",
          "subtype": "Rule",
          "severity": "Critical"
        }
      ]'

Request Body Format:

The request body should be a JSON array containing objects with the following properties:

  • key: Unique identifier for the alert.

  • entity_id: Identifier of the entity associated with the alert.

  • entity_name: Name of the entity associated with the alert.

  • entity_type: Type of the entity associated with the alert.

  • summary: Brief summary of the alert.

  • application_id: Identifier of the application generating the alert.

  • application_region: Region where the application is hosted.

  • status: Current status of the alert (e.g., Open, Hold, Working, Resolved, Closed).

  • subtype: Subtype of the alert (e.g., Rule, Policy).

  • severity: Severity level of the alert (e.g., Critical, Warning).

  • field1_sm: Additional string values related to the alert (optional).

Default Values:

Certain fields may have default values assigned if not explicitly provided.

  1. entity_name: If not provided, it defaults to the value of entity_id.  

  2. severity: Defaults to "Unknown" if not specified.

  3. event_provider: Defaults to "Others" if not specified.

  4. event_provider_id: Defaults to "Others" if not specified.

  5. priority: Defaults to "Unknown" if not specified.

  6. status: Defaults to "Open" if not specified.

  7. substatus: Defaults to "New" if not specified.

  8. subtype: Defaults to "API" if not specified.

  9. created_on: Defaults to the current system time if not provided.

  10. updated_on: Defaults to the current system time if not provided.

  11. created_by: Defaults to "API" if not specified.

Minimal Mandatory Fields Required:

When adding alert data using the provided API, the following minimal mandatory fields are required:

  • Entity ID (Constants.ENTITY_ID): Identifier of the entity associated with the alert.

  • Entity Type (Constants.ENTITY_TYPE): Type of the entity associated with the alert.

  • Summary (Constants.SUMMARY): Brief summary or description of the alert.

These fields are essential for properly identifying and describing the alert within the system.

Custom Properties:

Users can define custom properties as needed.

Alerts on UI:

  1. Sign in to Virtana Platform.

  2. Navigate to the Alerts section.

  3. Click the filter icon and choose "Source Type > Others".

  4. You'll be presented with a list of 3rd party external alert ingestions.

  5. In this list, you'll find details such as repeat count, first seen, and last seen. You can also acknowledge or add notes to the alerts.

  6. Click on any alert to be redirected to the Alert Overview page.

  7. From there, navigate to Properties.

  8. Here, you can view the details of the alert, including those ingested by the customer and unprocessed attributes.

Following these steps will guide users in utilizing the 3rd Party External Alert Ingestion feature effectively.