Schema for incidents and alerts

Hello Team,

Do you have any sample JSON for the incidents and log_entries schema?
I took the sample from the API and converted my schema, but I am seeing new fields in the responses.

If you can help with the schema or any sample incident or log_entry, it would be a great help.

Use case: I am ingesting incidents and log_entries into BigQuery, and it needs a schema definition.

Thanks,
Vivek

IMO, it’s best to create some incidents and then take the typical actions found in your environment across the incident’s lifecycle like ack, add note, add a status update, request responder, etc… and then make your API calls to see the fields/values across various endpoints.

In similar projects I’ve done for customers, we focused on this short list of log entry types to aid in reporting solutions:

  • acknowledge_log_entry (ack)
  • assign_log_entry (assignment)
  • escalate_log_entry (escalate)
  • external references (linked to SNow, Jira, SFSC, etc)
  • trigger_log_entry (trigger)
  • notify_log_entry (email, sms, push, phone to responder)
  • snooze_log_entry (snooze)
  • responder_request_log_entry (Add Responder User)
  • responder_request_for_escalation_policy_log_entry (Add Responder EP)
  • responder_accept_log_entry (accepted responder request)
  • priority_change_log_entry (changed priority)
  • response_play_run_log_entry (run response play)
  • resolve_log_entry (resolution)
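An added example (not PagerDuty's code or published schema, and not part of either post) of the approach the reply suggests: collect sample records from the API, merge their fields into one BigQuery-style schema, and then check each new batch for fields the schema does not yet know about, which is exactly the "new fields in the responses" problem the question raises. The sample log entries and their field names are constructed for the example; only the log-entry type names in `REPORTING_TYPES` come from the reply's list.

```python
"""Infer a BigQuery-style JSON schema from sample log entries and flag
unknown fields in later records.  Sample data below is constructed; the
record shape is an assumption, not PagerDuty's documented schema."""
import json
from typing import Any

# Log entry types the reply above singles out for reporting.
REPORTING_TYPES = {
    "acknowledge_log_entry", "assign_log_entry", "escalate_log_entry",
    "trigger_log_entry", "notify_log_entry", "snooze_log_entry",
    "responder_request_log_entry",
    "responder_request_for_escalation_policy_log_entry",
    "responder_accept_log_entry", "priority_change_log_entry",
    "response_play_run_log_entry", "resolve_log_entry",
}

# Constructed sample records standing in for API responses.
SAMPLE_LOG_ENTRIES = [
    {"id": "LE1", "type": "trigger_log_entry", "created_at": "2024-01-01T00:00:00Z",
     "incident": {"id": "P1", "type": "incident_reference"},
     "channel": {"type": "api"}, "teams": []},
    {"id": "LE2", "type": "acknowledge_log_entry", "created_at": "2024-01-01T00:05:00Z",
     "incident": {"id": "P1", "type": "incident_reference"},
     "agent": {"id": "U1", "type": "user_reference"}, "teams": [{"id": "T1"}]},
    {"id": "LE3", "type": "notify_log_entry", "created_at": "2024-01-01T00:06:00Z",
     "incident": {"id": "P1", "type": "incident_reference"},
     "channel": {"type": "email"}, "teams": [{"id": "T1"}]},
]


def _scalar_type(value: Any) -> str:
    """Map a JSON scalar to a BigQuery type (bool is checked before int on purpose)."""
    if isinstance(value, bool):
        return "BOOLEAN"
    if isinstance(value, int):
        return "INTEGER"
    if isinstance(value, float):
        return "FLOAT"
    return "STRING"


def _merge_value(field: dict, value: Any) -> None:
    """Fold one observed value into a field entry, widening the type on conflict."""
    if value is None:
        return                               # null says nothing about the type
    if isinstance(value, list):
        field["mode"] = "REPEATED"           # arrays become REPEATED of the element type
        for item in value:
            _merge_value(field, item)
        return
    if isinstance(value, dict):
        field["type"] = "RECORD"
        _merge_fields(field["fields"], value)
        return
    new, old = _scalar_type(value), field["type"]
    if old is None or old == new:
        field["type"] = new
    elif {old, new} == {"INTEGER", "FLOAT"}:
        field["type"] = "FLOAT"
    else:
        field["type"] = "STRING"             # mixed scalar types: widen to STRING


def _merge_fields(fields: dict, record: dict) -> None:
    """Merge every key of `record` into the name -> field-entry map."""
    for name, value in record.items():
        field = fields.setdefault(
            name, {"name": name, "type": None, "mode": "NULLABLE", "fields": {}})
        _merge_value(field, value)


def _emit(fields: dict) -> list:
    """Render the internal map as BigQuery JSON schema entries."""
    out = []
    for f in fields.values():
        entry = {"name": f["name"], "type": f["type"] or "STRING", "mode": f["mode"]}
        if f["type"] == "RECORD":
            entry["fields"] = _emit(f["fields"])
        out.append(entry)
    return out


def infer_schema(records: list) -> list:
    """Union of all fields seen across `records`; fields absent in some records stay NULLABLE."""
    fields: dict = {}
    for record in records:
        _merge_fields(fields, record)
    return _emit(fields)


def unknown_fields(schema: list, record: dict, prefix: str = "") -> list:
    """Dotted paths present in `record` but missing from `schema` (recurses into RECORDs)."""
    known = {f["name"]: f for f in schema}
    missing = []
    for name, value in record.items():
        path = prefix + name
        if name not in known:
            missing.append(path)
            continue
        items = value if isinstance(value, list) else [value]
        for item in items:
            if isinstance(item, dict):
                missing.extend(unknown_fields(known[name].get("fields", []), item, path + "."))
    return sorted(set(missing))


def select_for_reporting(entries: list) -> list:
    """Keep only the log entry types the reply lists for reporting."""
    return [e for e in entries if e.get("type") in REPORTING_TYPES]


if __name__ == "__main__":
    schema = infer_schema(SAMPLE_LOG_ENTRIES)
    print(json.dumps(schema, indent=2))
    later = {"id": "LE4", "type": "resolve_log_entry", "summary": "Resolved",
             "agent": {"id": "U1", "type": "user_reference", "html_url": "https://example.invalid"}}
    print("unknown:", unknown_fields(schema, later))
```

Run the inference over a few hundred entries gathered after exercising the incident lifecycle (ack, note, status update, responder request, resolve), write the printed schema to the BigQuery table definition, and run `unknown_fields` on each ingestion batch so that a field the vendor adds later is caught and added to the schema rather than rejected by the load job.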