API REST Endpoint to retrieve Alert Logs?

Hi, I’m using the Elastic integrations with PagerDuty. All perfect with that. But I need to get the alert logs, to determine what the last alert is so I could “Resolve” the incident based on this.

Does this endpoint exist?
I’m reading the API doc and only see how to retrieve alerts, but not alert logs.

Thanks in advance.

Hi Martin!

There are two different endpoints that may be helpful for you.

First is the log_entries endpoint, which will show log entries across the account.

Additionally, you can view logs for a specific incident by using /incidents/{id}/log_entries.

Josef

Hi Josef, yes, I used this but cannot retrieve the result that I need, because it only retrieves the result for the incident lifecycle (Triggered through the API, Assigned to Martin, Alert “Down monitors: swops-api, swops-api-master” added through the API, Event rule set urgency to high through the API … and more until the incident is finished and repaired), but cannot retrieve the specification of alert_log; neither of the two endpoints that you gave me retrieves that.

Can I send images of the section that I need? Maybe you can understand me a little bit better.

Hi Martin,

What information are you looking to get specifically from the API, relating to the alert logs?

You can upload images on our forum, but if any of the images contain sensitive information, you can email them to us instead, at support@pagerduty.com, and we can continue helping you there.

Josef

I’m assuming you want to get the original raw events sent from your monitoring tools/integrations. You will need to query the Incident API and get each incident. Then, for each incident, make a second query to get the alerts that are associated with each incident using this API endpoint: https://developer.pagerduty.com/api-reference/reference/REST/openapiv3.json/paths/~1incidents~1{id}~1alerts/get

You will want to include the additional parameter “first_trigger_log_entries” in this query. This will ensure that you get the raw event payload. In the API response body, look for the “first_trigger_log_entries” body and you can send that along to Elastic for search and visualization there.

You may want to create a “hybrid” payload from Incident, Alert, Responder/Team data and then send that into Elastic so you get only what you need for your use case.
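The two-step lookup described in the post above, sketched in Python as an added example (not code from this thread or from PagerDuty): it pages through one incident's alerts with `first_trigger_log_entries` included and flattens each alert's raw trigger event for forwarding. The environment variable name, the `first_trigger_log_entry`/`channel` response fields and the sample pages are assumptions or constructed values.

```python
import json
import os
import urllib.parse
import urllib.request

API = "https://api.pagerduty.com"

def http_fetch(path, params):
    """GET one page; the API key comes from the environment, never from source."""
    url = f"{API}{path}?{urllib.parse.urlencode(params, doseq=True)}"
    req = urllib.request.Request(url, headers={
        "Authorization": f"Token token={os.environ['PAGERDUTY_API_KEY']}",  # assumed name
        "Accept": "application/vnd.pagerduty+json;version=2",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_alerts(incident_id, fetch=http_fetch, limit=100):
    """Yield every alert of one incident, following offset pagination."""
    path = f"/incidents/{urllib.parse.quote(incident_id, safe='')}/alerts"
    offset = 0
    while True:
        page = fetch(path, {"include[]": ["first_trigger_log_entries"],
                            "limit": limit, "offset": offset})
        alerts = page.get("alerts", [])
        yield from alerts
        if not page.get("more") or not alerts:
            return
        offset += len(alerts)

def raw_events(incident_id, fetch=http_fetch):
    """One flat record per alert, oldest first, carrying the raw trigger event."""
    records = []
    for alert in iter_alerts(incident_id, fetch):
        entry = alert.get("first_trigger_log_entry") or {}  # assumed response field
        records.append({
            "alert_id": alert.get("id"), "status": alert.get("status"),
            "created_at": alert.get("created_at"),
            "raw_event": entry.get("channel", {}),  # {} if the include was ignored
        })
    return sorted(records, key=lambda r: r["created_at"] or "")

# Constructed sample pages (not real PagerDuty output), keyed by offset.
SAMPLE = {
    0: {"more": True, "alerts": [{"id": "A2", "status": "resolved",
        "created_at": "2021-03-02T10:05:00Z",
        "first_trigger_log_entry": {"channel": {"summary": "Down monitors: swops-api"}}}]},
    1: {"more": False, "alerts": [{"id": "A1", "status": "triggered",
        "created_at": "2021-03-02T10:00:00Z", "first_trigger_log_entry": None}]},
}
def sample_fetch(path, params):
    return SAMPLE[params["offset"]]
```

Calling `raw_events("PINC123", sample_fetch)` runs offline against the constructed pages; the last record in the result is the most recent alert, assuming all timestamps are UTC ISO 8601 strings.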

Hi Doug, yes, I use this endpoint but it is not useful because I need to retrieve the alert logs that appear at the admin panel URL https://${ENTERPRISE}.pagerduty.com/alerts/${INCIDENT_ID}.

Josef recommended that I use the log entries endpoint, and yesterday I was trying to get the information with it, but it was not possible; I can’t get the info that I need. It retrieves info on log_entries (events) from the incident but not from alert_logs. I understand the alert logs are like a count of each one and are only accessible if you use the Events API; in this case Elastic sends events through the Events API.

Can you help me?

Greetings.

Hi Martin,

I have followed up via email, but I will post here as well for visibility!

We do not have a specific alert_log endpoint, so if the options that Doug or I presented don’t fit your use case, the data you are looking to collect may not be available via the API. You may want to consider collecting the data on the other end when you originally send the events via the events API.

Additionally, if you would like, I can create a feature request on your behalf.

Best,
Josef

Hi Josef,

I have a question: will you notify me when the feature is being developed?
How do I follow this?

Greetings, thanks in advance.

Hi Martin,

Due to the number of feature requests we receive, unfortunately, we are unable to update you on when/if the feature will be developed.

You can keep a tab on what new features are released on our website here.

Best,
Josef

Hi Josef, how are you?

Any news about this issue?

Greetings, thanks in advance.

Hi Martin,

As this isn’t a bug, but rather a feature request, we are unable to provide regular updates on this.

As of now, I would recommend following what Doug suggested in his previous response.

Best,
Josef