Skip to main content

Notification Channels

Notification Channels Overview

Notification Channels Overview

Notification Channels are destinations for Last9 to send notifications using webhooks or Integration APIs. We currently support Slack, Pagerduty, OpsGenie integrations. If you need any other channels to be supported, please get in touch via email or discord

Adding a Notification Channel

To add a notification Channel:

  1. Navigate to HomeNotification Channels and click Add Channel

    Adding a Notification Channel

  2. Provide the following details:

    1. Channel Name: Descriptive name that lets your team easily identify channel destination
    2. Channel: Choose a channel from the supported integrations list
    3. Webhook / Integration key: Refer to the linked integration documentation to retrieve the URL/API Key

    Adding a Notification Channel

  3. Press the Test config to check if you are able to receive the message in the configured channel

    Adding a Notification Channel

  4. Press the Save button to enable this channel. This channel can now be used in Alert Groups to start receiving notification

    Adding a Notification Channel


Notification Payloads

Pagerduty

Pagerduty fieldTypeDescription
payloadobject
payload.summarystringTitle for the incident
payload.timestamptimestampThe ending time of this alert, in ISO 8601 format
payload.severitystringcritical / warning for alerts marked as breach/threat in alert rule
payload.sourcestringDedup key for the incident
payload.componentstringEmpty
payload.groupstringDedup key for the incident
payload.classstringAlert Rule Type
payload.custom_detailsobjectDescribed below
routing_keystringPagerduty integration key
event_actionstring'trigger' for active notifications, 'resolve' for resolved notifications
dedup_keystringDedup key for the incident
clientstring"Last9 Dashboard"
client_urlstringLink to health dashboard for the alert in Last9
linksarray of objectsEmpty array
imagesarray of objectsEmpty array

Custom Details

  • alert_condition - Condition set on alert. Static alerts, it is of the format.expr > 10 based on the threshold configured. For pattern-based alerts, it is of the format algo_type(tunable, expr). For example, for a high spike alert set with tunable 3, this would be high_spike(3, expr)
  • algo_type - Type of alert (static_threshold, increasing_changepoint etc)
  • client_url - Link to the health dashboard for this alert on Last9
  • description - Description of the alert. If a description is provided while configuring the rule, it appears here. Otherwise, a default description based on the algorithm, indicator, and entity is shown
  • start - Starting time of this alert, in ISO 8601 format
  • end- Ending time of this alert, in ISO 8601 format
  • expression - Name of the indicator
  • entity_name - Entity name
  • entity_type - Entity type
  • entity_team - Entity team. Is None if not assigned
  • entity_tier - Entity tier. Is None if not assigned
  • entity_workspace - Entity workspace. Is None if not assigned
  • entity_namespace - Entity namespace. Is None if not assigned
  • severity - Severity of the alert (breach/ threat)
  • notification_call - Whether this alert is sent for the first time or repeated (first/ repeat)
  • runbook - Link to the runbook for this alert (has to be configured while setting up alert). This key is omitted if the runbook isn’t configured
  • If the entity under alert has tags associated with it, they are included in custom details as tag_<tag_name> = true
  • time_in_alert - Duration for which this alert was observed. E.g., 8 in 10 minutes.

OpsGenie

Opsgenie fieldDescriptionType
messageTitle for the incidentstring
aliasDedup key for the incidentstring
descriptionDescription of the alert. If a description is provided while configuring the rule, it appears here. Otherwise, this field is omitted.string
tagsTags associated with the entityarray of strings
actions["Debug"]array of strings
detailsDescribed belowobject
entitynullstring
sourceLast9 Dashboardstring
noteA string description of the alert, along with the health dashboard link for the alertstring
respondersNot usedarray of objects
visibleToNot usedarray of objects
priorityNot usedstring
userNot usedstring

Details

  • alert_condition: Condition set on alert. Static alerts, it is of the format.expr > 10 based on the threshold configured. For anomaly alerts, it is of the format algo_name(tunable, expr). For example, for a high spike alert set with tunable 3, this would be high_spike(3, expr)
  • algorithm: Type of alert (static_threshold, increasing_changepoint etc)
  • component: null
  • last9_dashboard: Link to the health dashboard for this alert
  • expression: Name of the indicator
  • service: Name and type of the entity
  • source: Dedup key for this incident
  • entity_name: Entity name
  • entity_type: Entity type
  • entity_team: Entity team. Is None if not assigned
  • entity_tier: Entity tier. Is None if not assigned
  • entity_workspace: Entity workspace. Is None if not assigned
  • entity_namespace: Entity namespace. Is None if not assigned
  • severity: Severity of the alert (breach/ threat)
  • notification_call: Whether this alert is sent for the first time or repeated (first/ repeat)
  • runbook: Link to the runbook for this alert (has to be configured while setting up alert). This key is omitted if the runbook isn’t configured

Troubleshooting

Please get in touch with us on Discord or Email if you have any questions.