Opsgenie

Page the right responders through Opsgenie when log-derived rules breach. Configure the opsgenie alerter with your API key, message templates, and routing fields, then add opsgenie under alert: on your rule (you can combine destinations).

Details for each key are in Options; Full working example ties the destination into a full ElastAlert 2 rule.

Options

Keys below match the ElastAlert 2 alerter. Shared rule fields such as alert_subject apply as described in Subject & body. Example fragments from the ElastAlert 2 reference appear indented under the option they illustrate (add your own name, type, index, and filter to make a full rule).

Required

  • opsgenie_key — The randomly generated API Integration key created by OpsGenie.

Optional

  • opsgenie_account — The OpsGenie account to integrate with.

  • opsgenie_addr — The OpsGenie URL to connect against, default is . If using the EU instance of Opsgenie, the URL needs to be for requests to be successful. The address can be formatted with fields from the first match, e.g. ``

  • opsgenie_recipients — A list of OpsGenie recipients who will be notified by the alert.

  • opsgenie_recipients_args — Map of arguments used to format opsgenie_recipients.

  • opsgenie_default_recipients — List of default recipients to notify when the formatting of opsgenie_recipients is unsuccessful.

  • opsgenie_teams — A list of OpsGenie teams to notify (useful for schedules with escalation).

  • opsgenie_teams_args — Map of arguments used to format opsgenie_teams (useful for assigning the alerts to teams based on some data).

  • opsgenie_default_teams — List of default teams to notify when the formatting of opsgenie_teams is unsuccessful.

  • opsgenie_tags — A list of tags for this alert.

  • opsgenie_message — Set the OpsGenie message to something other than the rule name. The message can be formatted with fields from the first match, e.g. Error occurred for {app_name} at {timestamp}..

  • opsgenie_description — Set the OpsGenie description to something other than the rule body. The message can be formatted with fields from the first match, e.g. Error occurred for {app_name} at {timestamp}..

  • opsgenie_alias — Set the OpsGenie alias. The alias can be formatted with fields from the first match, e.g. {app_name} error.

  • opsgenie_subject — A string used to create the title of the OpsGenie alert. Can use Python string formatting.

  • opsgenie_subject_args — A list of fields to use to format opsgenie_subject if it contains formatters.

  • opsgenie_priority — Set the OpsGenie priority level. Possible values are P1, P2, P3, P4, P5. Can be formatted with fields from the first match, e.g. P{level}

  • opsgenie_details — Map of custom key/value pairs to include in the alert's details. The value can be sourced from fields in the first match, environment variables, or a constant value.

Example usage

 opsgenie_details:
   Author: 'Bob Smith'          # constant value
   Environment: '$VAR'          # environment variable
   Message:                     # map a match field (ElastAlert flow object: field → message)
     field: message

Example opsgenie_details with kibana_discover_url

 # (Required)
 generate_kibana_discover_url: True
 kibana_discover_app_url: "http://localhost:5601/app/discover#/"
 kibana_discover_index_pattern_id: "4babf380-c3b1-11eb-b616-1b59c2feec54"
 kibana_discover_version: "7.15"
 
 # (Optional)
 kibana_discover_from_timedelta:
   minutes: 10
 kibana_discover_to_timedelta:
   minutes: 10
 
 # (Required)
 opsgenie_details:
   Kibana Url:                 # map a match field (field → kibana_discover_url)
     field: kibana_discover_url
   Message:                    # map a match field (field → message)
     field: message
   Testing: 'yes'

  • opsgenie_proxy — By default ElastAlert 2 will not use a network proxy to send notifications to OpsGenie. Set this option using hostname:port if you need to use a proxy. Only https is supported.

  • opsgenie_source — Set the OpsGenie source, default is ElastAlert. Can be formatted with fields from the first match, e.g. {source} {region}

  • opsgenie_entity — Set the OpsGenie entity. Can be formatted with fields from the first match, e.g. {host_name}

Full working example

name: Example alert for Opsgenie
type: any
index: "*-*"
filter:
  - query:
      query_string:
        query: "level:error OR log.level:error"
alert:
  - "opsgenie"
opsgenie_key: "REPLACE_INTEGRATION_KEY"
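
A pre-deployment check for the options above, added here as an example (it is not ElastAlert 2 code): it lints an already-parsed rule for a placeholder key, an invalid priority, a malformed proxy, formatted teams or recipients with no matching args or default list, and opsgenie_details entries that cannot resolve. Assumptions: `lint_opsgenie_rule` and `SAMPLE_RULE` are hypothetical names, placeholders use the `{name}` form shown for the other options, and an unset environment variable is treated as a finding.

```python
import os
import re

PLACEHOLDER = re.compile(r"\{(\w+)\}")        # {name} style format fields
PRIORITIES = {"P1", "P2", "P3", "P4", "P5"}   # values listed on this page


def _check_formatted(rule, key, findings):
    """Recipients/teams that use {placeholders} need *_args and a default list."""
    values = rule.get(f"opsgenie_{key}", [])
    args = rule.get(f"opsgenie_{key}_args", {})
    names = {n for v in values for n in PLACEHOLDER.findall(v)}
    for name in sorted(names - set(args)):
        findings.append(f"opsgenie_{key}: '{{{name}}}' missing from opsgenie_{key}_args")
    if names and not rule.get(f"opsgenie_default_{key}"):
        findings.append(f"opsgenie_{key}: formatted but opsgenie_default_{key} is unset")


def lint_opsgenie_rule(rule, environ=os.environ):
    """Return a list of findings for a rule dict (YAML already parsed)."""
    if "opsgenie" not in rule.get("alert", []):
        return ["alert: 'opsgenie' is not listed as a destination"]
    findings = []
    key = rule.get("opsgenie_key", "")
    if not key or key.startswith("REPLACE_"):   # placeholder from the full example
        findings.append("opsgenie_key: missing or still a placeholder")
    prio = rule.get("opsgenie_priority")
    if prio is not None and prio not in PRIORITIES and not PLACEHOLDER.search(prio):
        findings.append(f"opsgenie_priority: '{prio}' is not P1-P5 or a format string")
    proxy = rule.get("opsgenie_proxy")
    if proxy is not None and not re.fullmatch(r"[^\s:/]+:\d{1,5}", proxy):
        findings.append("opsgenie_proxy: expected hostname:port")
    for k in ("recipients", "teams"):
        _check_formatted(rule, k, findings)
    for name, value in rule.get("opsgenie_details", {}).items():
        if isinstance(value, dict) and "field" not in value:
            findings.append(f"opsgenie_details.{name}: map needs a 'field' key")
        elif isinstance(value, str) and value[:1] == "$" and value[1:] not in environ:
            findings.append(f"opsgenie_details.{name}: env var {value} is not set")
    return findings

# Constructed sample rule with deliberate mistakes (not from a real deployment).
SAMPLE_RULE = {
    "alert": ["opsgenie"],
    "opsgenie_key": "REPLACE_INTEGRATION_KEY",
    "opsgenie_priority": "High",
    "opsgenie_teams": ["{team_prefix}-oncall"],
    "opsgenie_details": {"Environment": "$VAR", "Message": {"field": "message"}},
}
```

Pass the dict your YAML loader returns for each rule file and fail the deployment when the returned list is non-empty.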