Logz.io

Send log alerts to Squadcast from Logz.io (ELK stack)

This document will help you integrate Logz.io with Squadcast.

Logz.io allows engineers to look into their stack with powerful log, metric, and tracing analytics based on the cloud-native tools they use. Route detailed monitoring alerts from Logz.io to the right users in Squadcast.

How to integrate Logz.io with Squadcast

In Squadcast: Using Logz.io as an Alert Source

(1) From the navigation bar on the left, select Services. Pick the applicable Team from the Team-picker on the top. Next, click on Alert Sources for the applicable Service

(2) Search for Logz.io from the Alert Source drop-down and copy the Webhook URL

Important

For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

In Logz.io: Create a Squadcast webhook alert

(1) In the app, go to Alerts & Events > Notification endpoints to create the webhook

(2) Click on Add endpoint

(3) Fill in the form as shown below:

Type: Custom
Name: Squadcast Webhook
Description (optional)
URL: Paste the URL endpoint that was copied from Squadcast Service for Logz.io
Method: POST
Run the test to see if you received a test alert in Squadcast
Click on Save

Find more details on how each of these parameters can be configured here

{
    "alert_title": "{{alert_title}}",
    "alert_description": "{{alert_description}}",
    "alert_severity": "{{alert_severity}}",
    "account_id": "{{account_id}}",
    "account_name": "{{account_name}}",
    "alert_samples": "{{alert_samples}}",
    "alert_tags_json": "[{{alert_tags_json}}]"
}

(4) Next, to create the alert itself, you can either:

Go to Alerts & Events > New Alert or,
Click on Create Alert from the Kibana dashboard

Find more details on how each of these parameters can be configured here

(5) Give the alert a title

Now, you will have to fill out the 3 sections:

(a) Search for… section:

Either enter your Search query or verify that the query present is correct
Choose to Group By certain fields
Select Accounts to Search
Choose to repeat this (by adding another query), join the queries, etc.

(5) (b) Trigger if… section:

Add Trigger conditions for the alert and add one or more thresholds for the trigger

(5) (c) Notify section:

Add a Description for the alert (which will be visible for these incidents in Squadcast)
Associate Tags (if any)
Who to send it to -> choose Squadcast Webhook
Choose a wait time between notifications as needed
Output format -> choose JSON
You can choose to either send all log fields or custom fields

(6) Click on Save

That is it, you are now good to go! Whenever a log alert is triggered in Logz.io, an incident will be created automatically in Squadcast.

FAQ:

Q: If an alert gets resolved in Logz.io, does Logz.io send auto-resolve signals to Squadcast?

A: No, Logz.io does not send auto-resolve signals to Squadcast. Hence, Squadcast incidents from Logz.io should be resolved manually.