Integration Sequence and Cloning

In most cases, Inbound Integrations are designed to complete simple tasks; data is sent to the endpoint and when a condition is matched an alert is generated and the designated team is notified. 

However, for some organizations a single Integration is not enough to handle more complex operations.

Configuring multiple endpoints is not a viable solution to this problem as it presents too many opportunities for errors when defining rules to route alerts to different endpoints. It also is more difficult to troubleshoot when configurations are in separate systems.

Integration Cloning

AlertOps addresses this challenge by allowing for configuration of a single endpoint in the originating system with multiple integrations to process the data.  You can then choose different teams to send alerts based on the data. Or perhaps you would like different notification behavior (noisy alerts for high severity and quiet alerts for routine incidents. AlertOps also allows you to apply different Escalation Policies based on the data.

To do this, we leverage two elements, Integration Sequence and Cloning.  Cloning produces an exact copy of an Integration, including the endpoint URL, all of the data field mapping, filters, etc.  You may give the clone a unique name or leave it the same.  The cloned Integration will have one significant difference: the Integration Sequence will be incremented.

Cloning produces an exact copy of an Integration, including the endpoint URL, all the data field mapping, filters, etc. ser may give the clone a unique name or leave it the same. The cloned Integration will have one significant difference, the Integration Sequence will be incremented.

In the above example, we have cloned an Integration, it has received the Integration Sequence of 1 and this means it will be processed second.  The clone has a separate escalation policy as well as a different recipient user associated.

Clone Filters

Cloning alone does not provide any real difference between the Integrations, so with no further change, the second Integration above will never produce an alert, as the first integration in the sequence will process any incoming alerts. This is where Filters come into play.  

In the clone detail page, scroll down to Advanced Settings and expand Filters To Match Incoming Json/Form Fields. By adding Filter to the clone, you create additional conditions for opening alerts. If the Filters in the first Integration are not matched, the data is passed to the second Integration, and if the Filters match there, an Alert is opened.

In the above example, we have cloned an Integration, it has received the Integration Sequence of 1 and will be processed second. We have configured a specific Recipient Group and Escalation Rule for this clone.

Cloning alone does not provide any real difference between the Integrations, so with no further change, the second Integration above will never produce an Alert, as the first one will process all alerts. This is where Filters come into play. In Advanced Settings, expand Filters To Match Incoming Json/Form Fields.

By adding Filters, user create additional conditions for opening alerts. If the Filters in the first Integration are not matched, the data is passed to the next sequenced Integration, and if the Filters match there, an Alert is opened.

In this example above, we have configured a filter for the severity field.  If the value in the data is "critical", this Integration will open an Alert.  If the value is anything other than "critical", it will pass to the next Integration.  With this filter in place, we can choose an Escalation Policy that is appropriate for the condition.  In the next Integration in the sequence, we can modify this filter to reflect a different value, and provide an appropriate Escalation Policy to deliver those notifications.

Typically, the most important conditions are earliest in the sequence, and an Integration with no filter can be used at the end of the sequence as a catchall to notify someone if all other conditions are not met.

By configuring sequenced integrations, alerts can be directed to specific teams, and can provide variable notification methods for differing conditions, as well as invoke Workflow automations.