1. Event Types
The following event types are currently supported; more may be added in the future.| Event Type | Description |
|---|---|
| i_new | Create incident (auto or manual) |
| i_assign | Assign incident (auto or manual) |
| i_snooze | Manually snooze incident |
| i_wake | Cancel snooze |
| i_ack | Manually acknowledge incident |
| i_unack | Cancel acknowledgment |
| i_storm | Trigger storm warning |
| i_custom | Trigger custom action |
| i_rslv | Close incident (auto or manual) |
| i_reopen | Reopen incident |
| i_merge | Manually merge incident |
| i_comm | Add comment |
| i_r_title | Update incident title |
| i_r_desc | Update incident description |
| i_r_impact | Update incident impact |
| i_r_rc | Update incident root cause |
| i_r_rsltn | Update incident resolution |
| i_r_severity | Update incident severity |
| i_r_field | Update incident custom field |
2. Push Description
Request Method
POST, Content-Type:“application/json”
Request Payload:
| Field | Type | Required | Description |
|---|---|---|---|
| event_time | int64 | Yes | Event timestamp in milliseconds |
| event_type | string | Yes | Event type, enum values see Event Types |
| event_id | string | Yes | Event ID, the same event may retry multiple times due to timeout, receiver needs to deduplicate |
| person | Person | No | Operator, only exists for human actions |
| incident | Incident | Yes | Incident details |
| Field | Type | Required | Description |
|---|---|---|---|
| person_id | int64 | Yes | Person ID |
| person_name | string | Yes | Person name |
| string | Yes | Email address |
| Field | Type | Required | Description |
|---|---|---|---|
| person_id | int64 | Yes | Person ID |
| person_name | string | Yes | Person name |
| string | Yes | Email address | |
| assigned_at | int64 | No | Assignment time |
| acknowledged_at | int64 | No | Acknowledgment time |
| Field | Type | Required | Description |
|---|---|---|---|
| incident_id | string | Yes | Incident ID |
| title | string | Yes | Incident title |
| description | string | No | Incident description |
| impact | string | No | Incident impact |
| root_cause | string | No | Incident root cause |
| resolution | string | No | Incident resolution |
| incident_severity | string | Yes | Severity, enum: Critical, Warning, Info |
| incident_status | string | Yes | Incident status, enum: Critical, Warning, Info, Ok |
| progress | string | Yes | Progress, enum: Triggered, Processing, Closed |
| created_at | int64 | Yes | Created time |
| updated_at | int64 | Yes | Updated time |
| start_time | int64 | Yes | Trigger time, Unix seconds timestamp |
| last_time | int64 | No | Latest event time, latest event push time in associated alerts, Unix seconds timestamp, default 0 |
| end_time | int64 | No | Recovery time, incident auto-recovers when all associated alerts recover, Unix seconds timestamp, default 0 |
| ack_time | int64 | No | First acknowledgment time, incident can be acknowledged by multiple people, this is the earliest acknowledgment time. Unix seconds timestamp, default 0 |
| close_time | int64 | No | Close time, end_time represents incident recovery time, close_time represents progress close time, incident closes when recovered, closing doesn’t affect recovery. Unix seconds timestamp, default 0 |
| snoozed_before | int64 | No | Snooze deadline |
| labels | map[string]string | No | Label KV, both Key and Value are strings. Not present for manual creation, for auto creation it’s the labels of the first grouped alert |
| fields | map[string]interface | No | Custom field KV, Key is string, Value can be any type depending on field type |
| creator | Person | No | Creator info, only exists for manually created incidents |
| closer | Person | No | Closer info, only exists for manually closed incidents |
| responders | []Responder | No | Responders list, only exists after incident is assigned. May be empty for i_new event |
| alert_cnt | int64 | No | Associated alert count |
| channel_id | int64 | No | Channel ID, 0 means not belonging to any channel |
| channel_name | string | No | Channel name |
| detail_url | string | Yes | Detail URL |
| group_method | string | No | Grouping method, enum: n: no grouping, p: rule-based grouping, i: intelligent grouping |
Request Response
HTTP status code 200 indicates successful push.Request Example
3. FAQ
-
Is there a response timeout?
- Service needs to return response within 2 seconds; exceeding 2 seconds is considered a failure
- Will pushes continue after failure?
- context deadline exceeded (excluding awaiting headers)
- i/o timeout
- eof
-
How to ensure push order?
- Theoretically, events for the same incident are pushed in chronological order, but retries may cause out-of-order delivery
- Services can filter based on event_time; if a later event has been received, earlier events can be filtered out. Each push carries the latest complete information, so occasional event loss is tolerable
-
Trusted IP whitelist for push source?
- May be updated in the future, please check regularly