Elastic / Kibana
Integrate Elastic Watcher alerts with OpsKnight.
Elastic / Kibana Integration
Receive alerts from Elasticsearch Watcher or Kibana Alerts.
Endpoint
POST /api/integrations/elastic?integrationId=YOUR_INTEGRATION_ID
Setup
- In OpsKnight, go to Service -> Integrations.
- Add an Elastic integration.
- Copy the Webhook URL:
https://[YOUR_DOMAIN]/api/integrations/elastic?integrationId=[ID]
Configuration in Kibana
- Create a Connector.
- Select Webhook.
- Name: OpsKnight.
- Method: POST.
- URL: Paste the OpsKnight Webhook URL.
- Use this connector in your Rules/Actions.
Payload Format
Configure your Connector to send:
{
  "rule": { "name": "High CPU" },
  "alert": {
    "id": "123",
    "severity": "critical",
    "status": "active",
    "reason": "CPU > 90%"
  }
}
Event Mapping
| Alert Status | OpsKnight Action |
|---|---|
| active | Trigger incident |
| recovered | Resolve incident |
Deduplication
Dedup key is generated from elastic-{alert.id} or elastic-{rule.id}.
Testing
Using cURL
curl -X POST "https://YOUR_OPSKNIGHT_URL/api/integrations/elastic?integrationId=YOUR_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "rule": { "name": "Test Rule" },
    "alert": { "id": "test-1", "severity": "critical", "status": "active" }
  }'
Alert Field Mapping
OpsKnight extracts fields in this priority order:
- Summary: rule.name > alert.reason > message
- Urgency: alert.severity (maps to Warning/Error/Critical)
- Status: alert.status or event.action (maps to Trigger/Resolve)
Tip: Ensure your Connector payload maps these standard Elastic fields.
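A pre-flight check for a Connector body, written as an added example for this page and not OpsKnight's own code: it previews the summary, action and dedup key using the priority order and status table documented above, and lists the fields a payload lacks. It assumes that alert.id is preferred over rule.id for the dedup key, that message and event sit at the top level of the body, and that event.action carries the same active/recovered values as alert.status; the function and constant names are hypothetical.

```python
import json

# Status values from the page's Event Mapping table.
STATUS_TO_ACTION = {"active": "trigger", "recovered": "resolve"}

def _get(payload, dotted):
    """Return the value at a dotted path such as 'alert.id', or None."""
    node = payload
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def _first(payload, paths):
    """Return the first non-empty value found along the given paths."""
    for path in paths:
        value = _get(payload, path)
        if value not in (None, ""):
            return value
    return None

def preview_mapping(payload):
    """Preview the documented mapping and list what the payload lacks."""
    problems = []
    summary = _first(payload, ["rule.name", "alert.reason", "message"])
    if summary is None:
        problems.append("no summary: set rule.name, alert.reason or message")
    status = _first(payload, ["alert.status", "event.action"])
    action = STATUS_TO_ACTION.get(str(status).lower()) if status is not None else None
    if action is None:
        problems.append(f"status {status!r} is not 'active' or 'recovered'")
    # Assumption: alert.id wins over rule.id when both are present.
    dedup_id = _first(payload, ["alert.id", "rule.id"])
    if dedup_id is None:
        problems.append("no alert.id or rule.id: dedup key cannot be built")
    if _get(payload, "alert.severity") in (None, ""):
        problems.append("alert.severity missing: urgency cannot be derived")
    dedup_key = f"elastic-{dedup_id}" if dedup_id is not None else None
    return {"summary": summary, "action": action,
            "dedup_key": dedup_key, "problems": problems}

# Constructed samples: the page's payload, and a recovery body with no ids.
GOOD = {"rule": {"name": "High CPU"},
        "alert": {"id": "123", "severity": "critical",
                  "status": "active", "reason": "CPU > 90%"}}
BAD = {"message": "disk ok", "event": {"action": "recovered"}}

if __name__ == "__main__":
    for body in (GOOD, BAD):
        print(json.dumps(preview_mapping(body), indent=2))
```

A resolve event that yields no dedup key, as in the second sample, is the case to catch before deployment, since a recovery that cannot be matched to its trigger leaves the incident open.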
Last updated for v1